General

Target: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3.exe
Size: 465KB
Sample: 241119-q3x5taxdrl
MD5: e4a4fc96188310b7b07e7c0525b5c0aa
SHA1: 81185dd73f2e042a947a1bf77f429de08778b6e9
SHA256: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3
SHA512: 72d27e3019954c3c98b8912842c42ee1fe5af5ca7b9717f7ee8bb61f16528c374f883f4b9697c1805ea59a5e854e4aa53aa6cfe06d87d87b181dd12def7d61d6
SSDEEP: 12288:HZph8TCfS9dQ1GH4wKcmY8FYkEv+NTjUU1GaJyixE:HZpCTCfS9dQ104wdV8FImTjUYGViS
Static task: static1

Behavioral task: behavioral1
Sample: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted from: C:\Program Files (x86)\readme.txt
Family: dragonforce
URLs:
- http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
- http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion

Extracted from: C:\ProgramData\readme.txt
Family: dragonforce
URLs:
- http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
- http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
Targets

Target: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3.exe
Size: 465KB
MD5: e4a4fc96188310b7b07e7c0525b5c0aa
SHA1: 81185dd73f2e042a947a1bf77f429de08778b6e9
SHA256: d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3
SHA512: 72d27e3019954c3c98b8912842c42ee1fe5af5ca7b9717f7ee8bb61f16528c374f883f4b9697c1805ea59a5e854e4aa53aa6cfe06d87d87b181dd12def7d61d6
SSDEEP: 12288:HZph8TCfS9dQ1GH4wKcmY8FYkEv+NTjUU1GaJyixE:HZpCTCfS9dQ104wdV8FImTjUYGViS

Signatures:
- DragonForce: ransomware family based on LockBit that was first observed in November 2023.
- Dragonforce family
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)