General

  • Target

    ee54f83d3b0052c6f5dfb986d91e91f24e6de5fd347110ddcf444cc2f2d1b88a

  • Size

    136KB

  • Sample

    250515-d2t1jsyqw6

  • MD5

    7d49a9a8237ac28365d5997dbe0e9d45

  • SHA1

    204abf493b38fdaf18e9771a1bcada79e941f9f5

  • SHA256

    ee54f83d3b0052c6f5dfb986d91e91f24e6de5fd347110ddcf444cc2f2d1b88a

  • SHA512

    2967472a66a757c08a6666451e2c6204f25c925966eb1e1fc6c476a5fa7a97ebc8c1fcf1cf50e63e5ad021eb11aecfb0dea9dfb51085164f8ba69e26ad1db511

  • SSDEEP

    1536:uGIIAymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fw:8nzhQNv40j0PW1IrEfMtyhuq
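To confirm that a file you hold is the sample this report describes, compare every listed digest, not just MD5, since MD5 and SHA1 are collision-prone. The following Python example is added here and is not part of the report or of the sandbox's own tooling; the expected digests are copied from the section above, the function names are chosen for this example, and SSDEEP is left out because it is not in the standard library.

```python
import hashlib
from typing import Dict, Iterable

# Digest values copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "7d49a9a8237ac28365d5997dbe0e9d45",
    "sha1": "204abf493b38fdaf18e9771a1bcada79e941f9f5",
    "sha256": "ee54f83d3b0052c6f5dfb986d91e91f24e6de5fd347110ddcf444cc2f2d1b88a",
    "sha512": "2967472a66a757c08a6666451e2c6204f25c925966eb1e1fc6c476a5fa7a97ebc8c1fcf1cf50e63e5ad021eb11aecfb0dea9dfb51085164f8ba69e26ad1db511",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash the data once, feeding every chunk to all four algorithms; returns {algo: hex}."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file in 1 MiB chunks so large samples are not read into memory at once."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def compare_to_report(computed: Dict[str, str],
                      expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match; hex is compared case-insensitively because reports mix cases."""
    return {algo: computed.get(algo, "").lower() == value.lower()
            for algo, value in expected.items()}


def is_reported_sample(computed: Dict[str, str],
                       expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest matches; one mismatch means a different file."""
    return all(compare_to_report(computed, expected).values())


if __name__ == "__main__":
    import sys
    result = digest_file(sys.argv[1])
    for algo, ok in compare_to_report(result).items():
        print(f"{algo:7s} {result[algo]}  {'MATCH' if ok else 'mismatch'}")
    print("sample matches report:", is_reported_sample(result))
```

Run it as `python verify.py <path-to-sample>`; a partial match (for example MD5 only) should be treated as a different file, not as the reported sample.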

Malware Config

Targets

    • Target

      ee54f83d3b0052c6f5dfb986d91e91f24e6de5fd347110ddcf444cc2f2d1b88a

    • Renames multiple (5204) files with added filename extension

      Renaming thousands of files by appending a new extension is consistent with ransomware encrypting files across the system and marking each encrypted file.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive user data.

    • Drops file in System32 directory
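Each of the four signatures above is a rule over the process's file-system events recorded by the sandbox. As an added illustration, and not the sandbox's own signature code nor anything derived from this sample's trace, the Python block below runs equivalent rules over a small constructed event list: the event format, the browser-profile path markers, the Temp/System32 paths and the rename threshold are all assumptions chosen for the example, and the threshold at which the real signature fires is not stated on this page.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed process events in the shape (operation, path, destination); the
# destination field is only meaningful for "rename". Not taken from the report.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("write",  r"C:\Users\victim\AppData\Local\Temp\upd.exe", ""),
    ("exec",   r"C:\Users\victim\AppData\Local\Temp\upd.exe", ""),
    ("write",  r"C:\Windows\System32\wlsvc.dll", ""),
    ("read",   r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", ""),
    ("read",   r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9.default\logins.json", ""),
    ("read",   r"C:\Users\victim\Documents\notes.txt", ""),
    # A rename that swaps the extension instead of appending one: must not count.
    ("rename", r"C:\Users\victim\Documents\report.tmp", r"C:\Users\victim\Documents\report.docx"),
] + [
    ("rename", rf"C:\Users\victim\Documents\file{i}.docx", rf"C:\Users\victim\Documents\file{i}.docx.locked")
    for i in range(6)
]

# Lower-case directory fragments that identify browser profile storage (assumption).
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\mozilla\firefox\profiles",
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def renames_with_added_extension(events) -> Tuple[int, Counter]:
    """Count renames whose new name is the old name plus one appended extension.

    Returns (total, Counter of the appended extensions) so the analyst can see
    which extension to pivot on; a single dominant extension is typical."""
    added: Counter = Counter()
    for op, src, dst in events:
        if op != "rename":
            continue
        suffix = dst[len(src):]
        if dst.lower().startswith(src.lower()) and suffix.startswith(".") and "\\" not in suffix:
            added[suffix.lower()] += 1
    return sum(added.values()), added


def reads_browser_profile_data(events) -> List[str]:
    """Read events whose path lies inside a known browser profile directory."""
    return [p for op, p, _ in events
            if op == "read" and any(m in p.lower() for m in BROWSER_PROFILE_MARKERS)]


def drops_file_in_system32(events) -> List[str]:
    """Write events that land under System32."""
    return [p for op, p, _ in events
            if op == "write" and p.lower().startswith(SYSTEM32_PREFIX)]


def executes_dropped_exe(events) -> List[str]:
    """Exec of a path this process wrote earlier in the trace; event order matters."""
    written, hits = set(), []
    for op, p, _ in events:
        if op == "write":
            written.add(p.lower())
        elif op == "exec" and p.lower() in written:
            hits.append(p)
    return hits


def run_signatures(events, rename_threshold: int = 5) -> Dict[str, bool]:
    """Evaluate all four rules; rename_threshold is a hypothetical trigger count."""
    count, _ = renames_with_added_extension(events)
    return {
        "renames_with_added_extension": count >= rename_threshold,
        "executes_dropped_exe": bool(executes_dropped_exe(events)),
        "reads_browser_profile_data": bool(reads_browser_profile_data(events)),
        "drops_file_in_system32": bool(drops_file_in_system32(events)),
    }


if __name__ == "__main__":
    total, exts = renames_with_added_extension(SAMPLE_EVENTS)
    print(f"renamed {total} files, extensions added: {dict(exts)}")
    for name, hit in run_signatures(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if hit else 'miss'} {name}")
```

The rename rule deliberately requires the destination to start with the full source name, so ordinary extension changes (`report.tmp` to `report.docx`) do not count, and the extension counter is what tells you which suffix the ransomware appended, the detail worth carrying into file-system hunting queries.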

MITRE ATT&CK Enterprise v16

Tasks