General

  • Target

    a4426d13b4d05d7c7b54e94c5309411aa84c1c555383e61033d466a2df6efe0a.exe

  • Size

    476KB

  • Sample

    241112-17hwsssenh

  • MD5

    6c280115611ddf4bca8fffef8487136b

  • SHA1

    31563be226ffd97af1da4ad96a76a98535e6321c

  • SHA256

    a4426d13b4d05d7c7b54e94c5309411aa84c1c555383e61033d466a2df6efe0a

  • SHA512

    7309fed08f8714f22b5c3d7bc31056f114be6085e6d5bdfc8fd5d4e4c7435f4f5524c63a079d8cf67c24e30f0362dfa0efda631c03b57ae6e55361a52a477f1a

  • SSDEEP

    12288:3PvYS9mTaidAWWuqugK5R3Ag6U1ZNnztlEOI+xcRlfwI:d9yqWVgCwA1rnztlEOXxcRlfwI

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (72) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks