General
-
Target
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
-
Size
418KB
-
Sample
241120-cgb4kasphp
-
MD5
2dd7cd2bf15eec7d62689435fca9c49c
-
SHA1
7db52047c72529d27a39f2e1a9ffb8f1f0ddc774
-
SHA256
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570
-
SHA512
29f9129320d8c1223a7a9a9dde3c0f7f0d28de734aa2c960d3f0a80b64af1f60291e6fa59279cab6a1fecc6e12e9ef565440452c0bb6632c3d28b8c119144389
-
SSDEEP
12288:FnvxplpMAX99S4B009MqyQMKNT7jZBWfAD8xE:FvxplpMAtU4Bl9MdQFT79BWIoS
Static task
static1
Behavioral task
behavioral1
Sample
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Program Files (x86)\readme.txt
dragonforce
http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
Targets
-
-
Target
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
-
Size
418KB
-
MD5
2dd7cd2bf15eec7d62689435fca9c49c
-
SHA1
7db52047c72529d27a39f2e1a9ffb8f1f0ddc774
-
SHA256
01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570
-
SHA512
29f9129320d8c1223a7a9a9dde3c0f7f0d28de734aa2c960d3f0a80b64af1f60291e6fa59279cab6a1fecc6e12e9ef565440452c0bb6632c3d28b8c119144389
-
SSDEEP
12288:FnvxplpMAX99S4B009MqyQMKNT7jZBWfAD8xE:FvxplpMAtU4Bl9MdQFT79BWIoS
-
DragonForce
Ransomware family based on Lockbit that was first observed in November 2023.
-
Dragonforce family
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1