General

  • Target

    IndrasLock.exe

  • Size

    120.6MB

  • Sample

    241112-2nzwmssgpr

  • MD5

    fb2cab1db6333ccca939de6c56b90dbe

  • SHA1

    7a805d3639f3c9fd06167a976b30675ffdecfedd

  • SHA256

    20114329e2e82ffee6e51a8e39df132a4c4cbdf3a8b74b16b85b7b5626f6d76a

  • SHA512

    3779d0b5646747dc18538eb26404b1df9d3c84847a5d3b217c3f9d7e87da8b45fac51954079b047177df9849d8981c593f2e83133826b4e1390956d86ee81fa4

  • SSDEEP

    3145728:YzoRRxEo53x2rm9BIbqrWd62z/ei3Mlqt8h3FkX:Y2R/53xhydd62zWiclazX

Malware Config

Targets

    • Target

      IndrasLock.exe

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

MITRE ATT&CK Enterprise v15
