General

  • Target

    ratonClient.exe

  • Size

    17.3MB

  • Sample

    250515-mj1j2sem2w

  • MD5

    9196309183e6ce074637e12c859e25a1

  • SHA1

    2dcae0550303a56c173d9b9c71e0c212808e4859

  • SHA256

    2fe94929ee11ba85c1dffc139ba70009e04bc132a2dc5fb9a79ef45183662fe7

  • SHA512

    f05a8e68ef10efe57d59299dba827b65843009162cdcfa42a1f5616cd9870fdcb22fc7442c3ec2e985555df492429ef76fa236e55d0c72dfbb49895b1a97f5ba

  • SSDEEP

    196608:81BEy1ZOR6QqOyjr2LF3Ye6YmnwqdU142UaxAIZJ6yp:8gbR1cjSLFoBYmn5U1PAIZf

Score
9/10

Targets

    • Target

      ratonClient.exe

    Score
    9/10
    • Renames multiple (142) files with added filename extension

      The sample renamed 142 files by appending a new filename extension; this is consistent with ransomware encrypting files on the system.

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check.

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to discover the infected system's external IP address.

    • Sets desktop wallpaper using registry
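The mass-rename signature above is the one a defender most often has to reproduce from endpoint telemetry. The following is an added detection example, not code from the sandbox or from the sample's author: it takes file-rename events (process id, source path, destination path), keeps only renames that append a new extension to an otherwise unchanged name in the same directory, and flags any process that does this to many distinct files with the same extension. The event shape, the process ids, the `.locked` extension and the threshold are all assumptions; the 142 events are constructed to mirror the count in the report.

```python
"""Heuristic for 'many files renamed with an appended extension' (added example)."""
from collections import defaultdict
from pathlib import PureWindowsPath

RENAME_THRESHOLD = 20  # assumption: tune to the environment's normal rename volume


def appended_extension(src, dst):
    """Return the suffix appended to src's name to produce dst (e.g. '.locked').

    Returns None when the file moved directories, when the name changed in any
    other way, or when the extension was replaced rather than appended.
    """
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent:
        return None
    old, new = s.name, d.name
    # The new name must be the old name followed by ".<something>".
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        return new[len(old):]
    return None


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Group qualifying renames by (pid, appended extension); return hits at or over threshold.

    Distinct source paths are counted so a file renamed repeatedly only counts once.
    """
    seen = defaultdict(set)
    for ev in events:
        ext = appended_extension(ev["src"], ev["dst"])
        if ext is not None:
            seen[(ev["pid"], ext)].add(ev["src"])
    return {key: len(paths) for key, paths in seen.items() if len(paths) >= threshold}


# Constructed telemetry (assumed format): one process appending ".locked" to 142
# documents, plus benign renames that must not trigger the heuristic.
EVENTS = [
    {"pid": 4120,
     "src": rf"C:\Users\alice\Documents\file{i}.docx",
     "dst": rf"C:\Users\alice\Documents\file{i}.docx.locked"}
    for i in range(142)
]
EVENTS += [
    # User renaming a file: name changed, not appended.
    {"pid": 880, "src": r"C:\Users\alice\Desktop\notes.txt",
     "dst": r"C:\Users\alice\Desktop\notes-old.txt"},
    # Extension replaced (doc -> docx), not appended.
    {"pid": 880, "src": r"C:\Users\alice\Desktop\report.doc",
     "dst": r"C:\Users\alice\Desktop\report.docx"},
    # Moved to another directory: ignored even though a suffix was added.
    {"pid": 2316, "src": r"C:\Temp\setup.tmp",
     "dst": r"C:\Program Files\App\setup.tmp.bak"},
]

if __name__ == "__main__":
    for (pid, ext), count in detect_mass_rename(EVENTS).items():
        print(f"pid {pid}: {count} files renamed with appended extension {ext}")
```

Grouping by the appended extension, rather than just counting renames per process, keeps ordinary bulk operations (installers, sync clients, a user's own renames) out of the hit list; the threshold is the knob to adjust if a legitimate tool in the environment legitimately appends one suffix to many files.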

MITRE ATT&CK Enterprise v16