General

  • Target

    fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474

  • Size

    7.8MB

  • Sample

    241114-e7mdbsvclf

  • MD5

    822b2cb104c5346ae0b4c3b0e74a4fd4

  • SHA1

    f2059bc2f0f6d78530a7f9e0d17f6153f3501773

  • SHA256

    fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474

  • SHA512

    41a5f514bdc75b4eb8ad42f23ac5d530ac72bfbd7ccd7ce09664af1c08c6ae3f33a508fc54c1ad6768b1494fee2dba9a4c69fe3293a4cdb76bbded9df2f26cc0

  • SSDEEP

    49152:91Bu60nMqfFLHyT+a0rNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOuw:Oos45gaHrhdw3D7nTsReRR9e

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
