Resubmissions

28/03/2025, 14:59 UTC

250328-sc4wsazjx2 10

28/03/2025, 14:53 UTC

250328-r9rr2sxwbz 10

27/03/2025, 13:35 UTC

250327-qvr9laswew 10

General

  • Target

    JKT48.exe

  • Size

    8.0MB

  • Sample

    250328-r9rr2sxwbz

  • MD5

    41f5bac802f5e79dc2ca7a3db25d0001

  • SHA1

    ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e

  • SHA256

    9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d

  • SHA512

    94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab

  • SSDEEP

    196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63

Malware Config

Targets

    • Target

      JKT48.exe

    • Size

      8.0MB

    • MD5

      41f5bac802f5e79dc2ca7a3db25d0001

    • SHA1

      ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e

    • SHA256

      9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d

    • SHA512

      94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab

    • SSDEEP

      196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63

    • Modifies Windows Defender DisableAntiSpyware settings

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Event Triggered Execution: Image File Execution Options Injection

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Network Share Discovery

      Attempt to gather information on host network.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.