General

  • Target

    c9866c46ff67b1e8df75b1202e48d1fa4a69db91c999bd67b69fa4e5463c0ee5.exe

  • Size

    5.4MB

  • Sample

    241112-2b18yasfmp

  • MD5

    1af8e4901edce2debc7b71db5d82fd1d

  • SHA1

    706ad129c454211c21b9ec44cf4b847c7014afba

  • SHA256

    c9866c46ff67b1e8df75b1202e48d1fa4a69db91c999bd67b69fa4e5463c0ee5

  • SHA512

    7411fcfb4c4ebb31cd75d79edf0fcc84576b4ee15300c977e0ea32cd9667b5fd06bdb02a4cf38715e3831876ad7667322097f0581d680de6a739203a680c4501

  • SSDEEP

    49152:9A+dy0ZScIBqBT11s9GY568MNwu4acTC3ZvFXkP5VugzsIY4:O+dy0ZScIBqBT116EHcTeqqIb

Targets

    • Renames multiple (318) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each renamed file.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
