General

  • Target: c6620aa30209491d38cb1744df803ee0b1dae2ce039feb98d7d164efeaa5ddaf
  • Size: 4.3MB
  • Sample: 241115-cjst4awmcw
  • MD5: baed8ac178a7fdaabd26780271dc018a
  • SHA1: 48e4149bfc44eaef71ba4304cf64d6e4a8a77a6c
  • SHA256: c6620aa30209491d38cb1744df803ee0b1dae2ce039feb98d7d164efeaa5ddaf
  • SHA512: b9c6bbd7f3c764972e42b97fd14dfcd2b61d79190b5ef583780fdd56bfd90b8098b517731b35949d233a0cf3bc58bd1fcb85ab5a9249bf8ac254f738ea7171f0
  • SSDEEP: 24576:9joHvxn6kE2fh4Copwkx2KdcPCl9AuDF5zUPGLG5SvAMZAMg9:9cPskEaSkkx2KiPy9AuDzY

Malware Config

Targets

    • Renames multiple (316) files with added filename extension
      This suggests ransomware activity: the sample is encrypting all the files on the system.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15