General
-
Target
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd
-
Size
49KB
-
Sample
241211-eq3zrawlbs
-
MD5
1927233e15109e714a3d210a61aba67d
-
SHA1
9bf15ed011709d4c1f3a9c9730022eb0979b4247
-
SHA256
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd
-
SHA512
3410c5b90472c32460659fa685503fe878fe3823fcb8e8a009447c6d89c81a15d43b89eb811e0c7800bf1af5561823e2c125df23718ae83a89a9edf47e0706f8
-
SSDEEP
768:saQRff+B31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YADEewN4cVoSLXQR:saB318HxZATvnsblYOEe9Z
Behavioral task
behavioral1
Sample
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\+README-WARNING+.txt
Targets
-
-
Target
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd
-
Size
49KB
-
MD5
1927233e15109e714a3d210a61aba67d
-
SHA1
9bf15ed011709d4c1f3a9c9730022eb0979b4247
-
SHA256
98f0350f431d8c3db3ac7933591f74cc0c57ceb85244def4486c53ebe81e5cfd
-
SHA512
3410c5b90472c32460659fa685503fe878fe3823fcb8e8a009447c6d89c81a15d43b89eb811e0c7800bf1af5561823e2c125df23718ae83a89a9edf47e0706f8
-
SSDEEP
768:saQRff+B31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YADEewN4cVoSLXQR:saB318HxZATvnsblYOEe9Z
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1