Resubmissions

15/01/2025, 23:09

250115-25d1hayqev 9

15/01/2025, 22:19

250115-18nhnsxlat 9

15/01/2025, 22:15

250115-158dnsxkas 9

General

  • Target

    2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33

  • Size

    108KB

  • Sample

    250115-25d1hayqev

  • MD5

    662593328e911803af64d886b6ae60eb

  • SHA1

    43712ea209da9f0ae47a3a5a87fef061a1e74a45

  • SHA256

    2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33

  • SHA512

    208c98ed4373ae9523b8081a4c637860c79c6c89ea5595a6bc59ab2a551066d7524bbbe36fb605191526b2cd651a3ad0d85ad2a8326aaa01e1a4d2126ffe652a

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBmRPsdj2hkAeCgI3i0CJS1Il+lM5QOVhFVh6Jb1Jb3rh:fny1tEyyj2yAeCgjJRDFDqrh

Malware Config

Targets

    • Target

      2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33

    • Size

      108KB

    • MD5

      662593328e911803af64d886b6ae60eb

    • SHA1

      43712ea209da9f0ae47a3a5a87fef061a1e74a45

    • SHA256

      2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33

    • SHA512

      208c98ed4373ae9523b8081a4c637860c79c6c89ea5595a6bc59ab2a551066d7524bbbe36fb605191526b2cd651a3ad0d85ad2a8326aaa01e1a4d2126ffe652a

    • SSDEEP

      1536:V7Zf/FAxTWoJJZENTBmRPsdj2hkAeCgI3i0CJS1Il+lM5QOVhFVh6Jb1Jb3rh:fny1tEyyj2yAeCgjJRDFDqrh

    • Renames multiple (13556) files with added filename extension

      Renaming thousands of files in place by appending an extra extension is consistent with ransomware encrypting the files on the system and marking each one as processed.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive user data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
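
The mass-rename signature above is a behavioural heuristic: many in-place renames that all append the same new extension. The following Python is an added illustration of that logic and is not part of the sandbox report or its rule set; the threshold value and the sample rename events are constructed for the example.

```python
import ntpath
from collections import defaultdict

# Assumed threshold: how many same-extension in-place renames before flagging.
# The report above saw 13556; real rules tune this per environment.
RENAME_THRESHOLD = 20


def added_extension(old_path: str, new_path: str):
    """If new_path is old_path with an extra extension appended in the same
    directory (report.docx -> report.docx.locked), return that extension,
    otherwise None. Windows paths are compared case-insensitively."""
    if ntpath.dirname(old_path).lower() != ntpath.dirname(new_path).lower():
        return None
    old_name, new_name = ntpath.basename(old_path), ntpath.basename(new_path)
    if not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None
    return suffix


def detect_mass_rename(events, threshold=RENAME_THRESHOLD) -> dict:
    """Group in-place renames by the extension they append and report every
    extension that crosses the threshold, with the number of files and of
    distinct directories it touched (spread across directories is what
    distinguishes encryption from a single tool rewriting its own folder)."""
    per_ext = defaultdict(list)
    for old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            per_ext[ext.lower()].append(old)
    report = {}
    for ext, paths in per_ext.items():
        if len(paths) >= threshold:
            report[ext] = {
                "files": len(paths),
                "directories": len({ntpath.dirname(p).lower() for p in paths}),
            }
    return report


# Constructed sample rename events (old path, new path); not taken from the report.
_DIRS = [r"C:\Users\alice\Documents", r"C:\Users\alice\Desktop", r"D:\Shares\Finance"]
SAMPLE_EVENTS = [
    (ntpath.join(_DIRS[i % 3], f"file{i:02d}.docx"),
     ntpath.join(_DIRS[i % 3], f"file{i:02d}.docx.locked"))
    for i in range(25)
] + [
    # Benign renames: a move with a new name, and two backups of single files.
    (r"C:\Users\alice\AppData\Local\Temp\report.tmp", r"C:\Users\alice\Documents\report.docx"),
    (r"C:\Users\alice\Documents\notes.txt", r"C:\Users\alice\Documents\notes.txt.bak"),
    (r"C:\Users\alice\Documents\budget.xlsx", r"C:\Users\alice\Documents\budget.xlsx.bak"),
]


if __name__ == "__main__":
    for ext, stats in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"{ext}: {stats['files']} files across {stats['directories']} directories")
```

The `.bak` renames stay below the threshold and the temp-file move is not an in-place rename, so only `.locked` is reported. In a live pipeline the events would come from a file-system audit source (Sysmon or ETW rename events) rather than a constructed list.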

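The UPX signature above is a static check on the PE image. As an added example (not code from the sandbox or from UPX itself), the following Python walks the PE headers to the section table and looks for the two artefacts stock UPX leaves behind: sections named `UPX0`/`UPX1` and the `UPX!` pack-header magic. A modified UPX build frequently renames the sections, which is why the check keeps the magic as a second indicator. The minimal PE builder is a constructed test fixture, not a real sample.

```python
import struct

# Stock UPX names its sections UPX0, UPX1 (and keeps .rsrc).
UPX_SECTION_PREFIX = "UPX"
# Magic at the start of the UPX pack header; modified builds often patch
# either the names or this marker, rarely both.
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # IMAGE_SECTION_HEADER[]
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n.upper().startswith(UPX_SECTION_PREFIX)],
        "upx_magic": UPX_MAGIC in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_test_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE: headers and a section table only, no code."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ") + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # Machine=i386, NumberOfSections, TimeDateStamp, SymTab, NumSyms,
    # SizeOfOptionalHeader=0xE0 (PE32), Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = b"\0" * 0xE0
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    for label, image in [
        ("stock UPX", build_test_pe(["UPX0", "UPX1", ".rsrc"])),
        ("plain", build_test_pe([".text", ".rdata", ".data"])),
        ("renamed sections, magic kept", build_test_pe([".text", ".data"], trailer=b"UPX!")),
    ]:
        print(label, upx_indicators(image), "->", is_upx_packed(image))
```

Neither indicator proves packing on its own (the magic is four bytes that can appear by chance, and section names are free text), so a detection like the one on this page is a triage hint to unpack and look further, not a verdict.
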
MITRE ATT&CK Enterprise v15

Tasks