General

  • Target

    cf2748dbfeb2a41fbb883e2b80cb1a8050ae577a8a5541bcf20c85f4346c350c.exe

  • Size

    4.2MB

  • Sample

    241114-gkefbavfla

  • MD5

    6e55cf74c75f9e1887ddd6f2389502ea

  • SHA1

    08a039770d20934d347a6c17f90838c4b4bde0dd

  • SHA256

    cf2748dbfeb2a41fbb883e2b80cb1a8050ae577a8a5541bcf20c85f4346c350c

  • SHA512

    0698791f4111a20811997a4a749943817b8aa15f3c621a48ea5137a55c9c919acaeb4d8b3c573471fa29cdb48842f3a8d68f9f609efcf2f8f5c17f165c411928

  • SSDEEP

    49152:9kBwFbfscEmKev3KcYq1r7RISY4+jfC09VbGR0T1c0tkAxT66LV8kq160c:OB+o1c0tkStykq160c

Targets

    • Target

      cf2748dbfeb2a41fbb883e2b80cb1a8050ae577a8a5541bcf20c85f4346c350c.exe

    • Renames multiple (316) files with added filename extension

      Consistent with ransomware encrypting files and appending an extension to each one. The 316 count is what the sandbox observed during its analysis window, not the total a live host would lose.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the payload is relaunched at every logon.

    • Enumerates connected drives

      Opens the root directory of drives other than the default C: drive, the usual prelude to encrypting files on every mounted volume.

    • Drops file in System32 directory
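The behaviours listed above are sandbox signatures: rules evaluated over the process, file and registry events recorded during detonation. The Python below is an added example, not code from the sandbox or from this page, showing how each of the six signatures can be re-derived from such an event log. The event log, the process id 1234, the `.locked` extension, the `helper.exe`/`crypt.dll` names and the 10-file threshold are all constructed assumptions; the page does not state the sample's real extension or the sandbox's threshold.

```python
"""Re-derive this report's six behavioural signatures from an event log.
Added example: the event log, PID, '.locked' extension and thresholds below
are constructed assumptions, not data from the sandbox run on this page."""
import re
from collections import Counter

SAMPLE_PID = 1234  # assumed PID of the analysed .exe

# Constructed events: (pid, operation, path_or_key, second_path_or_value).
EVENTS = [
    (1234, "file_create", "C:\\Users\\u\\AppData\\Local\\Temp\\helper.exe", ""),
    (1234, "file_create", "C:\\Users\\u\\AppData\\Local\\Temp\\crypt.dll", ""),
    (1234, "proc_create", "C:\\Users\\u\\AppData\\Local\\Temp\\helper.exe", ""),
    (1234, "image_load", "C:\\Users\\u\\AppData\\Local\\Temp\\crypt.dll", ""),
    (1234, "file_create", "C:\\Windows\\System32\\drivers\\etc\\hosts.tmp", ""),
    (1234, "file_open", "C:\\", ""),
    (1234, "file_open", "D:\\", ""),
    (1234, "file_open", "E:\\", ""),
    (1234, "reg_set",
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "C:\\Users\\u\\AppData\\Local\\Temp\\helper.exe"),
    # Benign rename: the extension is replaced, not appended, so it must not count.
    (1234, "file_rename", "C:\\Users\\u\\Documents\\report.tmp",
     "C:\\Users\\u\\Documents\\report.pdf"),
    # Rename by another process: must be ignored when scoring the sample.
    (4321, "file_rename", "C:\\Users\\u\\Desktop\\x.txt",
     "C:\\Users\\u\\Desktop\\x.txt.bak"),
]
# Twenty documents renamed with an appended ".locked" extension (assumed name).
EVENTS += [(1234, "file_rename", f"C:\\Users\\u\\Documents\\f{i}.docx",
            f"C:\\Users\\u\\Documents\\f{i}.docx.locked") for i in range(20)]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")
SYSTEM32 = "c:\\windows\\system32\\"


def appended_extension(old, new):
    """Extension appended to `old` to produce `new`, or None if `new` is not
    `old` plus a suffix (ransomware keeps the name and appends; plain renames
    that replace the extension do not match)."""
    if new.startswith(old + ".") and len(new) > len(old) + 1:
        return new[len(old) + 1:]
    return None


def mass_rename_with_extension(events, pid, min_files=10):
    """(count, extension) of the most common appended extension if at least
    `min_files` files received it, else None. 10 is an assumed threshold."""
    counts = Counter()
    for p, op, old, new in events:
        if p == pid and op == "file_rename":
            ext = appended_extension(old, new)
            if ext:
                counts[ext] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return (n, ext) if n >= min_files else None


def uses_dropped_file(events, pid, op):
    """Paths the sample created and later used with `op`:
    "proc_create" -> executes dropped EXE, "image_load" -> loads dropped DLL."""
    dropped, hits = set(), []
    for p, o, path, _ in events:
        if p != pid:
            continue
        if o == "file_create":
            dropped.add(path.lower())
        elif o == op and path.lower() in dropped:
            hits.append(path)
    return hits


def run_key_persistence(events, pid):
    """(key, value) pairs written under a CurrentVersion\\Run or RunOnce key."""
    return [(k, v) for p, op, k, v in events
            if p == pid and op == "reg_set" and RUN_KEY.search(k)]


def enumerates_drives(events, pid):
    """Drive letters other than C: whose root directory the sample opened."""
    drives = set()
    for p, op, path, _ in events:
        if p == pid and op == "file_open":
            m = DRIVE_ROOT.match(path)
            if m and m.group(1).upper() != "C":
                drives.add(m.group(1).upper())
    return sorted(drives)


def drops_in_system32(events, pid):
    """Files the sample created anywhere under C:\\Windows\\System32."""
    return [path for p, op, path, _ in events
            if p == pid and op == "file_create" and path.lower().startswith(SYSTEM32)]


def signatures(events, pid, min_files=10):
    """Evaluate all six signatures; only those that fire appear in the result."""
    checks = {
        "Renames multiple files with added filename extension":
            mass_rename_with_extension(events, pid, min_files),
        "Executes dropped EXE": uses_dropped_file(events, pid, "proc_create"),
        "Loads dropped DLL": uses_dropped_file(events, pid, "image_load"),
        "Adds Run key to start application": run_key_persistence(events, pid),
        "Enumerates connected drives": enumerates_drives(events, pid),
        "Drops file in System32 directory": drops_in_system32(events, pid),
    }
    return {name: hit for name, hit in checks.items() if hit}
```

Running `signatures(EVENTS, SAMPLE_PID)` on the constructed log fires all six signatures; the benign `report.tmp` to `report.pdf` rename and the other process's `.bak` rename are not counted, which is the distinction that keeps this heuristic from flagging ordinary file saves.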
