General

  • Target

    SecuriteInfo.com.Trojan.DownLoader23.60113.14660.23251.exe

  • Size

    3.3MB

  • Sample

    250501-1aspqsfr8x

  • MD5

    c1ecbeab431839baedca41693ce5c20d

  • SHA1

    efa8c95d6dc13e3e067a893c5e190fc88e2dba5d

  • SHA256

    3fa4b6d0419d69d0c35532f40b358c3af7315397e8952851442af523d69d49ec

  • SHA512

    ac3b3ded47dbbd2a0a30c2360320842ec4d4733c6dc305b224eea75f7decaf8cfa02b3c1a47b40aee21c0763a9f33a34058928a368953296fe15f05263d0fb36

  • SSDEEP

    49152:g7AMFYCkdHPKaWQ/lK3OUDhCbr1dCmimHqxrIav6J0zoBpveWmxWTj:/Ck1TWuI+aD2j

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v16