General

  • Target

    e3a19fc64de7e05c0ab8025f78ae0fd1fa03821eec5862d0fc8895d4b4aac9ec

  • Size

    4.3MB

  • Sample

    241106-ewlyeswrhr

  • MD5

    97505ce818c29bf5a101b32d95152d95

  • SHA1

    0f179a178caa1eb8cb787cd49550312316fb52fa

  • SHA256

    e3a19fc64de7e05c0ab8025f78ae0fd1fa03821eec5862d0fc8895d4b4aac9ec

  • SHA512

    1d9aa5daae734ce34959695202916b312278438666d128faad67f04fc278209de75cc2c2e812a225e5d8f7b31379b314f9c27731e34884b65b25bb6914e99673

  • SSDEEP

    49152:9FKev3KcYq1r7RISY4+jfC09VbGR0T1c0tkAxT66LV8kq160vA:Lo1c0tkStykq1604

Malware Config

Targets


    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks