General

  • Target

    389a0f50ec58c7901c005b783d59149ba6d758da7c0afd097dc37cbfe2082100

  • Size

    3.5MB

  • Sample

    241112-z16hva1glj

  • MD5

    d4c6d3e7520373d4e03c2b03218a70c9

  • SHA1

    50f2b4c5b19cd75e630c78a5fe8d39ee942d9db3

  • SHA256

    389a0f50ec58c7901c005b783d59149ba6d758da7c0afd097dc37cbfe2082100

  • SHA512

    b646457004149e3f77743267eb63218e71e4dc5df91ff96adcf3939e082e34bcc57bb5aa18717d1f90a94f2633df1e12386b7e3d8b017e657ddc7649b17a47fc

  • SSDEEP

    49152:9wYFgOpr7wspHYHpLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrL:h6sp2LK3BDhtvS0Hpe4zbpaAKL

Malware Config

Targets

    • Target

      389a0f50ec58c7901c005b783d59149ba6d758da7c0afd097dc37cbfe2082100

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: files across the system are encrypted and a new extension is appended to each file name.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
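
The signatures listed above, expressed as checks over a constructed event log so the behaviours can be reproduced as detection logic (added example; this is not the sandbox's own rule set). The event schema, the victim file names, the dropped file paths, the Run value name and the 100-rename threshold are assumptions for illustration; the report itself only states the behaviours and the count of 316 renamed files.

```python
"""Behavioural checks mirroring the sandbox signatures above, run over a
constructed event log. Added example, not the sandbox's own detection rules."""
import re
from collections import Counter

# Assumed: HKCU/HKLM ...\CurrentVersion\Run and RunOnce count as autostart keys.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# A bare drive root such as "D:\" (letter, colon, backslash, nothing else).
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\$")
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed sample events (hypothetical paths, not taken from the report).
SAMPLE_EVENTS = []
for i in range(320):
    src = rf"C:\Users\victim\Documents\file{i}.docx"
    SAMPLE_EVENTS.append({"type": "file_rename", "src": src, "dst": src + ".locked"})
SAMPLE_EVENTS += [
    # ordinary rename: name changed, no extension appended, must not count
    {"type": "file_rename", "src": r"C:\Users\victim\draft.txt", "dst": r"C:\Users\victim\final.txt"},
    # dropped executable written to disk, then executed
    {"type": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    # dropped DLL placed in System32, then loaded
    {"type": "file_write", "path": r"C:\Windows\System32\helper.dll"},
    {"type": "image_load", "image": r"C:\Windows\System32\helper.dll"},
    # Run key persistence beside an unrelated registry write
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "upd", "data": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "x", "data": "1"},
    # drive enumeration: root path reads on C: and on two other drives
    {"type": "file_read", "path": "C:\\"},
    {"type": "file_read", "path": "D:\\"},
    {"type": "query_directory", "path": "E:\\"},
]


def appended_extension(src, dst):
    """Extension appended by a rename ('locked' for a.docx -> a.docx.locked), else None."""
    if not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    return ext if ext and "\\" not in ext else None


def mass_rename(events, threshold=100):
    """Appended extensions seen at least `threshold` times (assumed cut-off)."""
    counts = Counter()
    for e in events:
        if e["type"] == "file_rename":
            ext = appended_extension(e["src"], e["dst"])
            if ext:
                counts[ext.lower()] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def dropped_then(events, event_type):
    """Paths written by the sample and afterwards used by `event_type`
    (process_create = executes dropped EXE, image_load = loads dropped DLL)."""
    dropped, hits = set(), []
    for e in events:
        if e["type"] == "file_write":
            dropped.add(e["path"].lower())
        elif e["type"] == event_type and e["image"].lower() in dropped:
            hits.append(e["image"])
    return hits


def run_key_entries(events):
    """(value name, data) pairs written under a Run/RunOnce key."""
    return [(e["value"], e["data"]) for e in events
            if e["type"] == "reg_set" and RUN_KEY_RE.search(e["key"])]


def non_c_drive_roots(events):
    """Drive letters whose root path was read, excluding the default C: drive."""
    drives = set()
    for e in events:
        if e["type"] in ("file_read", "query_directory"):
            m = DRIVE_ROOT_RE.match(e["path"])
            if m and m.group(1).upper() != "C":
                drives.add(m.group(1).upper())
    return sorted(drives)


def system32_drops(events):
    """Files the sample wrote beneath C:\\Windows\\System32."""
    return [e["path"] for e in events
            if e["type"] == "file_write" and e["path"].lower().startswith(SYSTEM32_PREFIX)]


def triage(events):
    """Map each signature name from the report to its evidence, hits only."""
    checks = {
        "Renames multiple files with added filename extension": mass_rename(events),
        "Executes dropped EXE": dropped_then(events, "process_create"),
        "Loads dropped DLL": dropped_then(events, "image_load"),
        "Adds Run key to start application": run_key_entries(events),
        "Enumerates connected drives": non_c_drive_roots(events),
        "Drops file in System32 directory": system32_drops(events),
    }
    return {name: evidence for name, evidence in checks.items() if evidence}


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The rename check deliberately keys on the destination being the source plus one extra suffix, so ordinary renames and moves between directories do not inflate the count; the dropped-file checks are order-sensitive, so a binary that was present before the sample ran is not reported as "dropped".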

MITRE ATT&CK Enterprise v15

Tasks