General

  • Target

    efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1N

  • Size

    3.5MB

  • Sample

    241106-hdjxwswfjl

  • MD5

    ccb4828e7ff72822563feb3eb9114340

  • SHA1

    313a06b897687212dba984f99a71601dcc05e422

  • SHA256

    efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1

  • SHA512

    7bd5650f33933352b81b5a420aa9666907b8365f38c18616b3c1586e5d405fb8c46fc89d3988a8e6e5b77dfd5dc2f8e1e2962aa3b7c153939af488ec3ceacf06

  • SSDEEP

    49152:9NkEaSgO5QH6fFf75PwLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrL:BaZ2/wLK3BDhtvS0Hpe4zbpaAKL

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15