General

  • Target

    dcfa8498eb67f39f7c0d3688ecfeb16f13e221a39048a859273a92cbb49ce1c1

  • Size

    166KB

  • Sample

    241112-ej8awstkhw

  • MD5

    cb5fb95befafcdd3e890f506f9b140f7

  • SHA1

    bcec64e4d8668c3ed98b1f79f017fbee0a7cdbe7

  • SHA256

    dcfa8498eb67f39f7c0d3688ecfeb16f13e221a39048a859273a92cbb49ce1c1

  • SHA512

    5c1b07bb8198e6b6c06bbc2b9f699af8907e3144b7b64d551d94e8025ac61b8a95847f5f0aafd3e89bba9bc24af122100072ddd6a6a70b8c926f7daa61a3587c

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxk7Zf/FAxTWY1++PJHJXA/OsIZfzc3i:fnyiQSo1nyiQSo9

Malware Config

Targets

    • Target

      dcfa8498eb67f39f7c0d3688ecfeb16f13e221a39048a859273a92cbb49ce1c1

    • Size

      166KB

    • MD5

      cb5fb95befafcdd3e890f506f9b140f7

    • SHA1

      bcec64e4d8668c3ed98b1f79f017fbee0a7cdbe7

    • SHA256

      dcfa8498eb67f39f7c0d3688ecfeb16f13e221a39048a859273a92cbb49ce1c1

    • SHA512

      5c1b07bb8198e6b6c06bbc2b9f699af8907e3144b7b64d551d94e8025ac61b8a95847f5f0aafd3e89bba9bc24af122100072ddd6a6a70b8c926f7daa61a3587c

    • SSDEEP

      1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxk7Zf/FAxTWY1++PJHJXA/OsIZfzc3i:fnyiQSo1nyiQSo9

    • Renames multiple (3618) files with added filename extension

      Renaming thousands of files by appending a new extension is the pattern ransomware leaves when it encrypts files across the system; check which extension was appended and which directories were affected.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with a modified build of it; unpacking is usually needed before static analysis of the payload is meaningful.
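The mass-rename signature above is a count-based heuristic: many files in a run renamed to their original name plus one new extension. The following script is an added example, not code from the sandbox or from this report; it applies that heuristic to a constructed list of rename events (the event tuple format and the threshold are assumptions for illustration) and reports the extension that accounts for the renames.

```python
"""Mass-rename heuristic over sandbox file-system events.

Added example, not part of the sandbox report: flags a run that renames many
files by appending a single new extension, the behaviour the report's
"Renames multiple files with added filename extension" signature describes.
The (old_path, new_path) event format and the threshold are assumptions.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample events, not taken from the report.
SAMPLE_EVENTS = [
    (r"C:\Users\user\Documents\budget.xlsx", r"C:\Users\user\Documents\budget.xlsx.locked"),
    (r"C:\Users\user\Documents\notes.txt", r"C:\Users\user\Documents\notes.txt.locked"),
    (r"C:\Users\user\Pictures\cat.jpg", r"C:\Users\user\Pictures\cat.jpg.locked"),
    (r"C:\Users\user\Desktop\todo.docx", r"C:\Users\user\Desktop\todo.docx.locked"),
    (r"C:\Users\user\Downloads\setup.tmp", r"C:\Users\user\Downloads\setup.exe"),  # ordinary rename
    (r"C:\Windows\Temp\log1.txt", r"C:\Windows\Temp\log2.txt"),  # ordinary rename
]


def appended_extension(old_path, new_path):
    """Return the extension a rename appended, or None when the rename did
    anything other than add one trailing extension to the original name
    in the same directory."""
    old = PureWindowsPath(old_path)
    new = PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None
    if new.suffix and new.name == old.name + new.suffix:
        return new.suffix
    return None


def mass_rename_verdict(events, threshold=3):
    """Count extension-appending renames grouped by the appended extension.
    Returns (hit, extension, count); hit is True when a single extension
    accounts for at least `threshold` renames."""
    counts = Counter()
    for old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext:
            counts[ext] += 1
    if not counts:
        return (False, None, 0)
    ext, count = counts.most_common(1)[0]
    return (count >= threshold, ext, count)


if __name__ == "__main__":
    hit, ext, count = mass_rename_verdict(SAMPLE_EVENTS)
    print(f"mass rename: {hit} ({count} files renamed to *{ext})")
```

The two ordinary renames are ignored because the new name is not the old name with one extension appended; a real sandbox run would feed thousands of events, so the threshold should be set well above what installers and updaters produce.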

MITRE ATT&CK Enterprise v15

Tasks