General

  • Target

    deus.exe

  • Size

    28.9MB

  • Sample

    241115-mrazcswqbk

  • MD5

    ea203c5b6bcbfe8feeaad684828885c1

  • SHA1

    aefe4e14ff3b3b14f233fd27400c512ae953f30d

  • SHA256

    6d57fb60c5269ba3998951103e097f597d97caba5e573c680243a1d60d23acb6

  • SHA512

    c01afb7d4a0abb70d450f753a844dee2eba5d68db9b7132e989d31a7d1c09db1d485867fe58a8a8e9026916f1876beabd42b7617d2fe44192c1dc028d91e9c95

  • SSDEEP

    786432:w5STYxW81+3hrsXMb8kxBZkxpQgR+yhOj/6+3ao:wTxW93hrscr3yxp/R+ysvao

Malware Config

Targets

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks