General

  • Target

    ff5ec84403d0590bfb72835e66a6995b32a43e9b2d0b98c40275164ee943286e

  • Size

    7.8MB

  • Sample

    241106-f4wy2avjd1

  • MD5

    ef2f1c72d04154ea5ac1177e1cd448b8

  • SHA1

    15e9a603aa6f92d6297dabb6ad4572d65f862f7d

  • SHA256

    ff5ec84403d0590bfb72835e66a6995b32a43e9b2d0b98c40275164ee943286e

  • SHA512

    94e366d4ba9a636382f9caae27aa733027e4441cdc3dcaf00a13a76af3f9bf1e9d2eee54a8c85208ad28d982bf3dd0065f421001afc23034420f94596d1c8ea3

  • SSDEEP

    49152:9VWdWiJsYLHyT+a0rNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOu2Qw:jiJ3os45gaHrhdw3D7nTsReRR9e

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks