General

  • Target

    c70a3b1175fa15fc9054f7c4fca110299a64d4b9e84e9e41f48c14856249f4da

  • Size

    229KB

  • Sample

    250502-npvfnazycx

  • MD5

    476ef8c3e8867089e8251ed2a9668a7b

  • SHA1

    c66405dbb8a3695f9305618590835bd3f4a3b874

  • SHA256

    c70a3b1175fa15fc9054f7c4fca110299a64d4b9e84e9e41f48c14856249f4da

  • SHA512

    438cc3eb1a435c99545ae7201c293b2da7816be8c6397df9793b039aba97a212aa22f572b66107ed2a7389a207380157fc2f227140744af3369287a0e871e4c1

  • SSDEEP

    3072:PCka+8u4vbcGGXeq4N/3hk9HEWFDA9DUs6ptOYUWcrwjEBZ:PCO4vbcGGu/N/+93pi88YUHkE

Targets

    • Renames multiple (149) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Drops desktop.ini file(s)
