General

  • Target

    5564dc6499bf97b6f7f1da90051de10b06fe0fa41ce4aea648c5d0f0b2ad56b3N

  • Size

    4.4MB

  • Sample

    241112-e7tgmsyjen

  • MD5

    f7f68dfe6cca77e0db825121a8aa5940

  • SHA1

    8918bae90917d490bd2e656d002397c316981b97

  • SHA256

    5564dc6499bf97b6f7f1da90051de10b06fe0fa41ce4aea648c5d0f0b2ad56b3

  • SHA512

    4fe81fb812f595cf04b4f464f019d47f1d12ca6ce987308dd653e9a1b5124217e1d43d5735e5e5ce43bfeb424d628bfbe820a1434c089d5847ddecc864daa063

  • SSDEEP

    12288:9jlN3iwbihym2g7XO3LWUQfh4CoRQYZTWbDjJc9bk:9j1+gkE2fh4CoRX5SnW

Malware Config

Targets

    • Target

      5564dc6499bf97b6f7f1da90051de10b06fe0fa41ce4aea648c5d0f0b2ad56b3N

    • Renames multiple (316) files, adding a filename extension

      This suggests ransomware activity: encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks