General

  • Target

    0706d078c056f46d127b50e3507d934179721c1d469e1871a3976f1e6a58d2f4

  • Size

    5.4MB

  • Sample

    241119-xz62wazhqc

  • MD5

    c6973ca81aafa2e5c4ab3ee1a5031259

  • SHA1

    bdf19d51ddff557bc0ee16edaa18047f720def45

  • SHA256

    0706d078c056f46d127b50e3507d934179721c1d469e1871a3976f1e6a58d2f4

  • SHA512

    7c6b99dc79a6afedb76120e764b5b0139fd63e844280cf9be02aa885bf3f990820599b1a01441710b9e662df122c069bea68da83d4a0b2be2e74f2c2c656434e

  • SSDEEP

    49152:9PzNrv5kEaSnnIkTrLyLSiZn9nnbnGHLvKLA8VgbKW2llxobcJOu2Qt7Y3I/BHI:zHahk/uGuFSHrhdwC

Targets

    • Renames multiple (316) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
