General

  • Target

    e41f3a84ac4bf6211fccaad1eb7802a04203659512299290568f242346e7fa95

  • Size

    9.5MB

  • Sample

    241114-d7a5matkcz

  • MD5

    368fac6ce2973d7028f0a948b08a3890

  • SHA1

    6049fd059b1fa9fffb23c8951bfb8735f22e4d5c

  • SHA256

    e41f3a84ac4bf6211fccaad1eb7802a04203659512299290568f242346e7fa95

  • SHA512

    ab1facd73610b68e56016430b91a2d000c5b54e07e4769d85518da5c78eeb037fc37b63a9eb31f2f5e0310698c959fc69d5d1b2b781cb29060557f556398646e

  • SSDEEP

    196608:5h5ZujZZFpEgBDOZRHNrZ0WwPYwKmFSNse257H5jMe/NAWgd/i7D4/mO4y/i2GhB:53YOZzrJaSNsjMWgd/i7C/iHh4WxPf

Malware Config

Targets

    • Target

      e41f3a84ac4bf6211fccaad1eb7802a04203659512299290568f242346e7fa95

    • Renames multiple (317) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system and appending an extension to each renamed file.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks