General

  • Target

    6df69c7538a75b531e0683ead640106af26ede6f3db81fb95f3c39d6c7eb04ddN.exe

  • Size

    4.4MB

  • Sample

    241114-e4js2avcrq

  • MD5

    35154e1f8e3cbdf0ff1cddaddfe8d2ee

  • SHA1

    0333d781126ef6bf8dde494b7c440ad8c4825b40

  • SHA256

    fda82850f4f2f51a2936fc6fb4b37136164721a4dc02f3aeb749c9ffd6d177a3

  • SHA512

    3dbf8543f7b4677c825221f31aff48229fecb2756cdd1c36ba0cdaadd7800d8045009393c31f5d77c6500f7c8378b3c8ff1bee275afd6757cb67537ac9d974bd

  • SSDEEP

    24576:9jgHmtikoCt9pDv2cPUcfOLIYafydm2FxvNEtXcPCl9AuDF5zUPGLG5SvAMZAMgc:9cHPC7Zv2cPUmO0eDxvW9cPy9AuDzYc

Targets

    • Target

      6df69c7538a75b531e0683ead640106af26ede6f3db81fb95f3c39d6c7eb04ddN.exe

    • Renames multiple (316) files with added filename extension

      Consistent with ransomware activity: the sample encrypts files and appends an extra extension to each renamed file. The count of 316 reflects the files touched during the sandbox run, not necessarily every file on the host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
