General

  • Target

    d9fb3c2700518d86055aafddeb845e9a10f8d41617cf45e9d17ea6c98dddfd18

  • Size

    564KB

  • Sample

    241115-c8znyaxerd

  • MD5

    7e023efe882391820e9cd63bfcdc94ef

  • SHA1

    785f0bda1ab514f082f4b135b82ca09b790a2558

  • SHA256

    d9fb3c2700518d86055aafddeb845e9a10f8d41617cf45e9d17ea6c98dddfd18

  • SHA512

    6cbfb6644ace2a92abb658cb268c8f107388e8922a3d7711499e73108d6ad08b6f08865db1f41522d99fc00bc63726b4f790ea61e288be819b26f3e8df308d57

  • SSDEEP

    12288:gVgIv17lia/eNZdHEAtqdJLfDWKCjM1TJwVC0B+F:oknEAsdhfDWKCGsC0

Targets

    • Target

      d9fb3c2700518d86055aafddeb845e9a10f8d41617cf45e9d17ea6c98dddfd18

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (80) files with added filename extension

      This suggests ransomware activity: the sample rewrites files across the system and appends a new extension to each one, which is the typical signature of file encryption.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the sample can refuse to run in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill form data.

    • Adds Run key to start application

    • Drops file in System32 directory
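The behaviours listed above are what a sandbox's rule set flags from host file and registry events. As an added example (not the sandbox's own rules, log format, or code), the following Python replays a constructed set of such events and reproduces the same checks: renames with an added extension, the Explorer HideFileExt value, a Run key entry, a registry lookup of the configured country code, and a file written under System32. The event tuple shape, the paths in the sample events, and the rename threshold of 3 are assumptions made for the example; the report's own trigger count is 80.

```python
"""Replay host events against the behaviours a sandbox flags.

Added example: the event format, sample events, and thresholds below are
constructed for illustration and are not the sandbox's own definitions.
"""
from collections import Counter

# Constructed events of shape (kind, path_or_old_name, value_or_new_name).
EVENTS = [
    ("file_rename", r"C:\Users\victim\Documents\budget.xlsx",
                    r"C:\Users\victim\Documents\budget.xlsx.locked"),
    ("file_rename", r"C:\Users\victim\Pictures\holiday.jpg",
                    r"C:\Users\victim\Pictures\holiday.jpg.locked"),
    ("file_rename", r"C:\Users\victim\Desktop\notes.txt",
                    r"C:\Users\victim\Desktop\notes.txt.locked"),
    # An ordinary rename (name changed, no extension appended): not counted.
    ("file_rename", r"C:\Users\victim\Desktop\draft.docx",
                    r"C:\Users\victim\Desktop\final.docx"),
    # Explorer setting that hides file extensions (real value name).
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"),
    # Persistence via the per-user Run key (value name is assumed).
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                r"C:\Windows\System32\svchost32.exe"),
    # Country code lookup (real key; whether the sample reads exactly this is an assumption).
    ("reg_query", r"HKCU\Control Panel\International\Geo\Nation", None),
    # Dropped payload written into System32 (file name is assumed).
    ("file_write", r"C:\Windows\System32\svchost32.exe", None),
]


def added_extension_renames(events):
    """Count renames where the new name is the old name plus one added extension."""
    added = Counter()
    for kind, old, new in events:
        if kind == "file_rename" and new.startswith(old + ".") and len(new) > len(old) + 1:
            added[new[len(old):]] += 1          # e.g. ".locked"
    return added


def registry_value_set(events, key_suffix, value=None):
    """True if a reg_set event targets a key ending in key_suffix (and matches value if given)."""
    for kind, path, val in events:
        if kind == "reg_set" and path.lower().endswith(key_suffix.lower()):
            if value is None or val == value:
                return True
    return False


def run_key_entries(events):
    """Values written under any ...\\CurrentVersion\\Run key."""
    return [(path, val) for kind, path, val in events
            if kind == "reg_set" and "\\currentversion\\run\\" in path.lower()]


def drops_in_system32(events):
    """Files written under C:\\Windows\\System32."""
    return [path for kind, path, _ in events
            if kind == "file_write" and path.lower().startswith("c:\\windows\\system32\\")]


def checks_location(events):
    """True if the configured country code (Geo\\Nation) is queried."""
    return any(kind == "reg_query" and path.lower().endswith("\\geo\\nation")
               for kind, path, _ in events)


def evaluate(events, rename_threshold=3):
    """Map the report's behaviour names to findings from the event stream."""
    exts = added_extension_renames(events)
    top = exts.most_common(1)[0][1] if exts else 0
    return {
        "renames_with_added_extension": sum(exts.values()),
        # Many files given the same new extension is the ransomware heuristic.
        "ransomware_like": top >= rename_threshold,
        "hides_file_extensions": registry_value_set(events, "\\Explorer\\Advanced\\HideFileExt", "1"),
        "run_key": run_key_entries(events),
        "drops_in_system32": drops_in_system32(events),
        "checks_location": checks_location(events),
    }


if __name__ == "__main__":
    for name, finding in evaluate(EVENTS).items():
        print(f"{name}: {finding}")
```

The rename count is only a heuristic: an installer or a bulk file converter can trip it too, so confirm by inspecting a few renamed files (missing original headers, near-random byte distribution) and the dropped executable before treating the sample as ransomware, and raise the threshold for noisy environments.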
