General

  • Target

    4d9cec788353f616f8f74144d5f3ea9968a81954b93ab7420673c8176031ecc6N

  • Size

    569KB

  • Sample

    241106-g2r3qsvlgv

  • MD5

    4ba449d94cb2fcb531f881f342ba0440

  • SHA1

    b1f6b03e7cb13c483e43ae92645a51558abe0c75

  • SHA256

    4d9cec788353f616f8f74144d5f3ea9968a81954b93ab7420673c8176031ecc6

  • SHA512

    12adb02b153b52f5abc45baa47adb4b8e4be3aa785794fb040315ffcc29ef31fc9eea06ce74bfe666bc108d3f4806654a5d70287970b127f474337b01334bf22

  • SSDEEP

    12288:DPZIGYWCkovyzcUkKIcuwiLA2Nn3o7ItGnqgFvo0:1BFivcc9KIcupLA2NnSnqgFvJ

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (82) files with added filename extension

      This pattern suggests ransomware activity: files across the system are being encrypted.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks