General

  • Target

    Insomnia.Core-11.0.2.exe

  • Size

    166.9MB

  • Sample

    250501-24ycragm5x

  • MD5

    e5b8c7374971f0dfbb8b055f5384f3d9

  • SHA1

    646c42ca98ed7be46b9e5383029be46226ac8559

  • SHA256

    fefe7ab85e86d0e16fbbf2d3fc7fdaec914799d7192f63ff43da9b17842bae2b

  • SHA512

    20daa9dc4e8d2c48d2e6b2c560a2e38a11c0e58d90c8a04a176e396914f2ff2a6527137fdd8e73fec08a6aa27c2da9a63be36b1c6cf7a7a133705e4abfa3460c

  • SSDEEP

    3145728:D1/VutnzoNTlBTL8VuVUmRZTbGONjRVuF3QvmTT2lPymux4Zcy:D9QtszTL8VMHbjjTu+uTqlPh5

Score
9/10

Malware Config

Targets

    • Target

      Insomnia.Core-11.0.2.exe

    Score
    9/10
    • Renames multiple (242) files with added filename extension

      This behaviour is consistent with ransomware encrypting files across the system and appending an extension to each one.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16

Tasks