General

  • Target

    753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0

  • Size

    947KB

  • Sample

    241115-sr3x2azmhq

  • MD5

    363a3101592ff290bc8534210e68cd3a

  • SHA1

    9be2a38c3b201d1948dc1e99bfc75bf51a44a560

  • SHA256

    753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0

  • SHA512

    7714733f3a0559752b4f76417c0678c4f6e2a8b59d5d7508f1f9128fc4227638e618d4a3a7176598729320f7d6a818b5c042b150539142c0cd2eccb34bbb57bb

  • SSDEEP

    12288:je27m2BiKovLmvCLBqMnD/etIfaOrXecGgLSm1XLRJFGHd5Q4PVm4Ruf:K27RilvLmvODGtyaOrecGgx1SPHU

Malware Config

Targets

    • Renames multiple (8585) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks