General

  • Target

    5438fbbb093044ec2b6878cd65eab901ebe3600ccfe53b5116bb9d62d0020f92

  • Size

    137KB

  • Sample

    250518-lw3phazls6

  • MD5

    b1bee8f81a242b2a9d39a22cb4b4694e

  • SHA1

    32d95f079c4d6e0a8d587c544d8a154eb15d9a1a

  • SHA256

    5438fbbb093044ec2b6878cd65eab901ebe3600ccfe53b5116bb9d62d0020f92

  • SHA512

    38bb3facfb30a97c03e6ed1ad1e4cf677042dec31997f4e84c8e60c2862ab212e9c43fa9d407a750a8fc24eac2061ea0e3eb0baa519dd893b947efd37fa72f88

  • SSDEEP

    1536:uGIITymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fg:vnzhQNv40j0PW1IrEfMtyhua

Targets

    • Target

      5438fbbb093044ec2b6878cd65eab901ebe3600ccfe53b5116bb9d62d0020f92

    • Renames multiple (5303) files with added filename extension

      The sample renamed 5303 files, appending an extension to each name. Mass renaming with an added extension is the characteristic footprint of ransomware encrypting the files on a system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory
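
      The four behavioural signatures above are simple heuristics over the sandbox's file and process trace. The following script is an added example (not the sandbox's own signature engine and not derived from this sample's real trace) that re-implements those heuristics over a constructed event list: a mass-rename check that only counts renames which append an extension, a check for execution of a file the sample itself wrote, a check for reads under common browser profile directories, and a check for writes under System32. The event schema, the rename threshold and the file names in the trace are assumptions made for the example.

```python
"""Toy re-implementation of the behavioural signatures listed in the report.

Added example: the event format is a hypothetical {"op": ..., "path"/"src"/
"dst"/"image": ...} schema, not any sandbox's real trace format, and the
sample events below are constructed, not captured from this sample.
"""
import ntpath
import re
from collections import Counter

# Assumed threshold for this example; the report's own cut-off is not stated.
MASS_RENAME_THRESHOLD = 50

# Common browser profile locations (Chrome, Edge, Firefox) under a user's AppData.
BROWSER_PROFILE_RE = re.compile("|".join([
    r"\\AppData\\Local\\Google\\Chrome\\User Data\\",
    r"\\AppData\\Local\\Microsoft\\Edge\\User Data\\",
    r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\",
]), re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def adds_extension(src, dst):
    """True when dst is src with one extra '.ext' appended
    (report.docx -> report.docx.locked), not a plain rename or a move."""
    if not dst.lower().startswith(src.lower()):
        return False
    suffix = dst[len(src):]
    return len(suffix) > 1 and suffix.startswith(".") and "\\" not in suffix and "/" not in suffix


def evaluate(events):
    """Run the four heuristics over a list of events and return the signatures that fired."""
    renamed = 0
    extensions = Counter()   # which extensions were appended, and how often
    dropped = set()          # lower-cased paths the sample wrote itself
    executed_dropped, browser_reads, system32_drops = [], [], []
    for ev in events:
        op = ev["op"]
        if op == "rename" and adds_extension(ev["src"], ev["dst"]):
            renamed += 1
            extensions[ntpath.splitext(ev["dst"])[1].lower()] += 1
        elif op == "write":
            dropped.add(ev["path"].lower())
            if SYSTEM32_RE.match(ev["path"]):
                system32_drops.append(ev["path"])
        elif op == "exec":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".exe"):
                executed_dropped.append(ev["image"])
        elif op == "read" and BROWSER_PROFILE_RE.search(ev["path"]):
            browser_reads.append(ev["path"])
    hits = {}
    if renamed >= MASS_RENAME_THRESHOLD:
        hits["mass_rename"] = {"count": renamed, "extensions": dict(extensions)}
    if executed_dropped:
        hits["executes_dropped_exe"] = executed_dropped
    if browser_reads:
        hits["reads_browser_profile"] = browser_reads
    if system32_drops:
        hits["drops_in_system32"] = system32_drops
    return hits


def constructed_trace():
    """Constructed trace that exercises every heuristic; file names are invented."""
    events = [
        {"op": "write", "path": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
        {"op": "exec", "image": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
        {"op": "read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
        {"op": "write", "path": r"C:\Windows\System32\wupdate.dll"},
        # plain rename with no appended extension: must not count towards mass_rename
        {"op": "rename", "src": r"C:\Users\victim\Documents\old.txt", "dst": r"C:\Users\victim\Documents\new.txt"},
    ]
    for i in range(60):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        events.append({"op": "rename", "src": src, "dst": src + ".locked"})
    return events


if __name__ == "__main__":
    for name, detail in evaluate(constructed_trace()).items():
        print(name, detail)
```

      The extension tally is the part worth keeping in a real detection: a single appended extension across thousands of files distinguishes an encryptor from a backup or archiving job, and the extension itself is usually the quickest pivot to the family.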
