General

  • Target

    9a47ab27d50df1faba1dc5777bdcfff576524424bc4a3364d33267bbcf8a3896

  • Size

    165KB

  • Sample

    241114-ldfr1swmbw

  • MD5

    14a0ecf45aa72adb2b1f2ccca99f6faa

  • SHA1

    01376fdcbd0e2063836ec2b075241587d7a56cdb

  • SHA256

    9a47ab27d50df1faba1dc5777bdcfff576524424bc4a3364d33267bbcf8a3896

  • SHA512

    7969cbcf77264ebca4303f9aefbe54ac4c9e1755bf29e7945b3db52a60f5ca458a744bb326f351102eeb0eac1296e2e17e7ce412114f587a2307d716cefc9037

  • SSDEEP

    3072:l7v9etA6pzarOLgSua/iw6kzgm0Ip1qHlBxpN/FaV0jZB6SbFW2CT75I8Buowhvg:ljm0IpqlBxpN/Fd5bFWLT7mM7wMF3+k1

Targets

    • Renames multiple (353) files with added filename extension

      353 files were renamed with a new extension appended to the original name. This suggests ransomware activity: files are encrypted in place and each one is marked with the added extension.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to the Credential Manager's credential history (ATT&CK T1555.004).

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: drive, consistent with looking for additional volumes to process.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      Typically done by writing the Wallpaper value under HKCU\Control Panel\Desktop; ransomware commonly uses this to display its ransom note.
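The two signatures above that are easiest to reproduce from raw sandbox telemetry are the mass rename with an appended extension and the wallpaper change via the registry. The following is an added example, not part of the report or of the sandbox's own detection code: it replays a constructed list of file-rename and registry-set events (the event schema, the `.locked` extension and the threshold of 3 are assumptions; the report's own threshold is not published, and it observed 353 renames) and re-derives both signatures. A rename that merely changes the extension, or that moves the file to another directory, is deliberately not counted as "appended extension".

```python
"""
Added example (not from the sandbox report above): re-derive two of the
behavioural signatures from constructed file and registry events.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed events; not real telemetry from the sample in the report.
# Schema (assumed): {"op": "rename", "src": ..., "dst": ...}
#                   {"op": "regset", "key": ..., "value": ..., "data": ...}
_DOCS = [rf"C:\Users\u\Documents\report{i}.docx" for i in range(5)]
CONSTRUCTED_EVENTS = [
    {"op": "rename", "src": p, "dst": p + ".locked"} for p in _DOCS
] + [
    # Extension changed, not appended: must not count.
    {"op": "rename", "src": r"C:\Users\u\Pictures\a.jpg",
     "dst": r"C:\Users\u\Pictures\a.png"},
    # Moved to another directory: must not count.
    {"op": "rename", "src": r"C:\Users\u\Desktop\f.txt",
     "dst": r"C:\Users\u\Backup\f.txt.locked"},
    # Wallpaper swap via the registry (ransom note display).
    {"op": "regset", "key": r"HKCU\Control Panel\Desktop",
     "value": "Wallpaper", "data": r"C:\Users\u\AppData\Local\Temp\note.bmp"},
]


def appended_extension(src: str, dst: str):
    """Return the suffix if dst is exactly src plus one '.ext' in the same
    directory (Windows paths compare case-insensitively), else None."""
    if not dst.lower().startswith(src.lower()):
        return None
    tail = dst[len(src):]
    if len(tail) < 2 or not tail.startswith(".") or "\\" in tail:
        return None
    if PureWindowsPath(src).parent != PureWindowsPath(dst).parent:
        return None
    return tail


def mass_rename_extension(events, threshold: int = 3):
    """Map each appended extension to its count when the count reaches
    the threshold (assumed value; tune it to the environment)."""
    counts = Counter()
    for e in events:
        if e.get("op") != "rename":
            continue
        ext = appended_extension(e["src"], e["dst"])
        if ext is not None:
            counts[ext.lower()] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def wallpaper_set_via_registry(events):
    """Return the data written to HKCU\\Control Panel\\Desktop\\Wallpaper."""
    hits = []
    for e in events:
        if e.get("op") != "regset":
            continue
        key = e["key"].lower().replace("hkey_current_user", "hkcu")
        if key.endswith(r"control panel\desktop") and e["value"].lower() == "wallpaper":
            hits.append(e["data"])
    return hits


if __name__ == "__main__":
    print("mass rename:", mass_rename_extension(CONSTRUCTED_EVENTS))
    print("wallpaper:", wallpaper_set_via_registry(CONSTRUCTED_EVENTS))
```

On the constructed events the rename check reports five `.locked` renames and the registry check returns the note bitmap path; the changed-extension and moved-file renames are ignored, which is the distinction that separates a bulk format conversion or backup job from the pattern the report flags.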

MITRE ATT&CK Enterprise v15
