General

  • Target

    7a7a459b19660e44b8ad8be8fe6f4bdb70ce3bed5840dd96f84fd1c844032512.exe

  • Size

    4.4MB

  • Sample

    241112-yxe12stkgr

  • MD5

    038ac592878205126163f47869568348

  • SHA1

    37441177fa579659b473dc4867bf1b7444bbab21

  • SHA256

    7a7a459b19660e44b8ad8be8fe6f4bdb70ce3bed5840dd96f84fd1c844032512

  • SHA512

    c500b81af07201987eee5c66179cbb1ff4ec1b4aa89c0abfac0ebf1a42a47de7bdf299faecc3645b62ce0a02dc73ddc561ca794652b9d3147a5abb913bf11e74

  • SSDEEP

    24576:9jgHmtikoCt9pDv2cPUcfOLIYafydm2FxvNEtXcPCl9AuDF5zUPGLG5SvAMZAMgw:9cHPC7Zv2cPUmO0eDxvW9cPy9AuDzYw

Malware Config

Targets

    • Target

      7a7a459b19660e44b8ad8be8fe6f4bdb70ce3bed5840dd96f84fd1c844032512.exe

    • Size

      4.4MB

    • MD5

      038ac592878205126163f47869568348

    • SHA1

      37441177fa579659b473dc4867bf1b7444bbab21

    • SHA256

      7a7a459b19660e44b8ad8be8fe6f4bdb70ce3bed5840dd96f84fd1c844032512

    • SHA512

      c500b81af07201987eee5c66179cbb1ff4ec1b4aa89c0abfac0ebf1a42a47de7bdf299faecc3645b62ce0a02dc73ddc561ca794652b9d3147a5abb913bf11e74

    • SSDEEP

      24576:9jgHmtikoCt9pDv2cPUcfOLIYafydm2FxvNEtXcPCl9AuDF5zUPGLG5SvAMZAMgw:9cHPC7Zv2cPUmO0eDxvW9cPy9AuDzYw

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks