General
- Target: SecuriteInfo.com.Trojan.DownLoader23.60113.14660.23251.exe
- Size: 3.3MB
- Sample: 250501-1aspqsfr8x
- MD5: c1ecbeab431839baedca41693ce5c20d
- SHA1: efa8c95d6dc13e3e067a893c5e190fc88e2dba5d
- SHA256: 3fa4b6d0419d69d0c35532f40b358c3af7315397e8952851442af523d69d49ec
- SHA512: ac3b3ded47dbbd2a0a30c2360320842ec4d4733c6dc305b224eea75f7decaf8cfa02b3c1a47b40aee21c0763a9f33a34058928a368953296fe15f05263d0fb36
- SSDEEP: 49152:g7AMFYCkdHPKaWQ/lK3OUDhCbr1dCmimHqxrIav6J0zoBpveWmxWTj:/Ck1TWuI+aD2j
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.DownLoader23.60113.14660.23251.exe
- Resource: win10v2004-20250410-en
Malware Config
Targets
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Direct Volume Access (1)
- Hide Artifacts (2)
- Hidden Files and Directories (2)
- Indicator Removal (2)
- File Deletion (2)
- Modify Registry (2)
- Subvert Trust Controls (1)
- Install Root Certificate (1)