General

  • Target

    RUNME.exe

  • Size

    83KB

  • Sample

    250515-3zdcfsbj3y

  • MD5

    ab3d6fe343b198ca8fd7f37ba9b2fed3

  • SHA1

    086dbb2c7f6c83d7289fed6666819d6d3fbc5415

  • SHA256

    c79c605f161fad48713cb09035aa137c7b4e543ca73ff0e9291b7d8a6d621472

  • SHA512

    286dbfd4ca76e4f2c148bf3b8fca51978dc1be57e5e4f12b9442f2b8f02358b57376337c3b3168fd3002ad57f3445ea46187214d447c86d319b054f84f2d9795

  • SSDEEP

    1536:sirGwI/5yBcmkwQpgppr5Q1cVikuUNASjDrguK9iwQVAT9PMjx5:Pu/5ymxRpaprBikuUNpDrjK9iwQaZMj

Malware Config

Targets

    • Deletes NTFS Change Journal

      The USN change journal is a persistent log, used by Windows Server systems, of all changes made to local files.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

MITRE ATT&CK Enterprise v16

Tasks