General

  • Target

    what I want to say to you.exe.bin

  • Size

    7.7MB

  • Sample

    241112-j35rbsydmb

  • MD5

    49927d5154b5368433496370ee24bc36

  • SHA1

    330873dfe1211cfeb366ab05691b894bdb7b3e51

  • SHA256

    c8bc88f5eeec657d4726a5643d42f2a47b6c1508dfff13ecd0537542e645501d

  • SHA512

    073896e9a25f8c0a5cd299573382d5d73263a552460380675eb9b67006e721df295f32d673797eef4a48e6a6594066d38773d153505a2d074b4480a57d44417f

  • SSDEEP

    49152:QhoC3jPDJj7gPD4VAs6IZdW9X2HcfclCtkDvW0Ic0kzeWKnC4KgtDuv7zTfLVkrR:0RjUiAp3t0jzeVCstAc5

Malware Config

Targets

    • Renames multiple (183) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and cryptography registry keys so that their binary is treated as validly signed.

    • A potential corporate email address has been identified in the URL: 04b595bffd12e0a823ba02b7b933d4870182477f.png@800w_512h_!web-home-carousel-cover.webp

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Deobfuscate/Decode Files or Information

      Payload decoded via CertUtil.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks