General

  • Target

    Trojan-Ransom.Win32.TeslaRvng.o-720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1.7z

  • Size

    387KB

  • Sample

    250501-14648agk9t

  • MD5

    8437f085c8a9a66a8c11bf2928b6a759

  • SHA1

    769725ab08eddfac94426ffec802eade43a249ac

  • SHA256

    8aa2824307186620f05acaa06084a62342880d333792aa01b170a2b48d073392

  • SHA512

    31155193e7a78fc7ba36bc8729414915c1939e04040589ea1d906ee3eb56c8718369c8fbc5ae33ea32c9802072d58a2b7214f92ccec8fcd7dc198651b3786f30

  • SSDEEP

    6144:tzUf13Pm6JvOZckyTC9kK2RWs8IbfeRSb4MqwKOyPWe7:OfVJrTgdNIbcg4MqwDyOa

Malware Config

Targets

    • Target

      Trojan-Ransom.Win32.TeslaRvng.o-720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1.exe

    • Size

      1.0MB

    • MD5

      7665499f2a1dfd55439c266831f1584d

    • SHA1

      da39a7bcbd898900b42a2a053bf040b9c89ca1b9

    • SHA256

      720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1

    • SHA512

      e524fbc30276c75f77b38d69ce8b4a5f37df76953f99e40a459ac368cca5f3ae978162f3da66aeb45d737e2a047b116cc541a4ff1e480d5fc04153277b69e35c

    • SSDEEP

      12288:IZQcFp9J2/XSjp8cqNUfZ3QKgfS0Z0s9k/B+ojmBNgOR1y/K:fcFp9J2XSjp8cP/D0Zlkp+KNo1

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Creates new service(s)

    • Stops running service(s)

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16
