General

  • Target

    2f823f8d90b8111c42438cf2ff131de94dc335a23247893c9a5cc30f5e6e1584N.exe

  • Size

    4.2MB

  • Sample

    241114-g4pqdsvkey

  • MD5

    fd1836247c12599abb5424a181f4c5b0

  • SHA1

    a74fba2cda7ed8bd5d003834653575d036796a24

  • SHA256

    2f823f8d90b8111c42438cf2ff131de94dc335a23247893c9a5cc30f5e6e1584

  • SHA512

    311cb9227e1150601b51d35ce525c5f8bd1756d1176e0113abf5b94b5ae72e4390669da9d48585b5aacbceb8739cca03c3ac9f44d71a8e2e46becda1be72076b

  • SSDEEP

    49152:9AdqzBwFbfscEmKev3KcYq1r7RISY4+jfC09VbGR0T1c0tkAxT66LV8kq160E:eQB+o1c0tkStykq160E

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks