General

  • Target

    24.9.3 fix 2 pass is 1.zip

  • Size

    9.0MB

  • Sample

    241107-kewdes1qeq

  • MD5

    3bed3fe28d72630ae17df3bb13f536e9

  • SHA1

    751c3a29d102a0360be6db6141d3d74e2785879e

  • SHA256

    4729398f2c65f7c023e78e0b90950a7398e1556f3411e3ad503011c84a57b796

  • SHA512

    f8cba2527f7a75d0624a0cd22ced1ab0e0a92deb8a58b63335beedb1d94c6ecd282eb959e212085cc70e29886314393db39cf046624ba0a2aa7ff8933ac8bf1b

  • SSDEEP

    196608:v1YiBvEubOO+RylGtphKmxVTdLvU36E7TAiVeVFEnpDU:v175ESOOAhlz+X48eVFEm

Malware Config

Targets

    • Target

      24.9.3 fix 2 pass is 1.zip

    • Size

      9.0MB

    • MD5

      3bed3fe28d72630ae17df3bb13f536e9

    • SHA1

      751c3a29d102a0360be6db6141d3d74e2785879e

    • SHA256

      4729398f2c65f7c023e78e0b90950a7398e1556f3411e3ad503011c84a57b796

    • SHA512

      f8cba2527f7a75d0624a0cd22ced1ab0e0a92deb8a58b63335beedb1d94c6ecd282eb959e212085cc70e29886314393db39cf046624ba0a2aa7ff8933ac8bf1b

    • SSDEEP

      196608:v1YiBvEubOO+RylGtphKmxVTdLvU36E7TAiVeVFEnpDU:v175ESOOAhlz+X48eVFEm

    • Renames multiple (51) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.

MITRE ATT&CK Enterprise v15

Tasks