General

  • Target

    68e19cc0064fbf06f9ec4d8439c30a2ee35709add951a4aed5e90e626e0b3716.exe

  • Size

    7.8MB

  • Sample

    241114-j6q3cawdja

  • MD5

    56a2687fd7521d3933a9a2a467b7c457

  • SHA1

    e8afe2cd9c8851aecf3a6686c164758e349d857d

  • SHA256

    68e19cc0064fbf06f9ec4d8439c30a2ee35709add951a4aed5e90e626e0b3716

  • SHA512

    2b0f2ce72853c505078806006bb05b304e56d047f40e31ddec5d15cdd18ad00445b6d1b46aa50a2c2d18e83b9542c5776ad00eed72779f55ddd114bcd0eb5cb9

  • SSDEEP

    49152:9RHyT+a0rNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOu2Qt7Y3I/BHC:bos45gaHrhdw3D7nTsReRR9+

Targets

    • Renames multiple (317) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
