General

  • Target

    32f88df157d425f5baf9a5d7b4f68f47d49ddeecbafa4dccb8c783e60fc873a0N

  • Size

    228KB

  • Sample

    241106-g6hpvsxqhn

  • MD5

    6ecc8660c2b656da57e3149d66f5da90

  • SHA1

    c8b7f91fc78e2b5859015156e4484e255a7c6f66

  • SHA256

    32f88df157d425f5baf9a5d7b4f68f47d49ddeecbafa4dccb8c783e60fc873a0

  • SHA512

    817c74c7be98db52c85b2106f3ea428376074e8bb830b5aaa2da9cfcd8119cf24125e860762ee58cacbd2982c488146cc0fe4d7e0965ce655892568cf65ae079

  • SSDEEP

    6144:fPuLAlEW2EQAgU82rCsBJ5BGVzE2AU+PWE:MAlEdEMUvCsPOxE24PV

Malware Config

Targets

    • Target

      32f88df157d425f5baf9a5d7b4f68f47d49ddeecbafa4dccb8c783e60fc873a0N

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks