General

  • Target

    18148427feff2c3f1704e3a02178fc4694d0f5d67921d4d6324608877791787b.exe

  • Size

    2.0MB

  • Sample

    250119-nq2w5avqcx

  • MD5

    6a81a06ce6836cf4ffd2872ee48a95b3

  • SHA1

    aa94b123b68a6684eb62a92265555896102e12a4

  • SHA256

    18148427feff2c3f1704e3a02178fc4694d0f5d67921d4d6324608877791787b

  • SHA512

    60d7161eca9b964432fa42d9895e50eda0e9a8bfba47941eb204d1d9c08940f68c41df7360bd054f62563bcada540b1aadf9beb258723fc3c5d6d26f264e83ef

  • SSDEEP

    24576:/C9NSDjKwmxPpbqUspXOTKPEli5VhNOCdQA5M1kAoHq+u:KOjKwmxBqtpJPE5khooK+u

Malware Config

Targets

    • Target

      18148427feff2c3f1704e3a02178fc4694d0f5d67921d4d6324608877791787b.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (69) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks