General
-
Target
2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker
-
Size
513KB
-
Sample
241121-ep2qaszapk
-
MD5
58927a69657702c9ba253080a8055979
-
SHA1
beacef5ddb4a5f27d104b1ef41958bd4d5753375
-
SHA256
40786a54e15726f80eb14b1433834a0a34e7b220ea2f6790b1dcc20827083b80
-
SHA512
7e8fd932d2f8b710f3c7202e45dd826d0319963dda1cb3091a70a11db0ae7fade9f1f1e27ce9c5621badc54054fde175603de14533efc63bbec94c3d55359aed
-
SSDEEP
6144:0dKyZEYF+JAm3tdLVOE7O9l+ZMz9LB5V0QE6BkLrHlPIyZRAO4V50DEroE0Rjp13:0diYF+JAm3tdLVOigz9dXtVmLr71DL
Malware Config
Targets
-
-
Target
2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker
-
Size
513KB
-
MD5
58927a69657702c9ba253080a8055979
-
SHA1
beacef5ddb4a5f27d104b1ef41958bd4d5753375
-
SHA256
40786a54e15726f80eb14b1433834a0a34e7b220ea2f6790b1dcc20827083b80
-
SHA512
7e8fd932d2f8b710f3c7202e45dd826d0319963dda1cb3091a70a11db0ae7fade9f1f1e27ce9c5621badc54054fde175603de14533efc63bbec94c3d55359aed
-
SSDEEP
6144:0dKyZEYF+JAm3tdLVOE7O9l+ZMz9LB5V0QE6BkLrHlPIyZRAO4V50DEroE0Rjp13:0diYF+JAm3tdLVOigz9dXtVmLr71DL
Score9/10-
Renames multiple (16966) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1