Resubmissions

18/05/2025, 15:10

250518-sj92dafm6w 9

General

  • Target

    IMPORTANT.exe

  • Size

    2.6MB

  • Sample

    250518-sj92dafm6w

  • MD5

    a8f313dfb1bd2b0183555360e44f9c7d

  • SHA1

    ecea055bd41dba07dffe08f62f5de1c2d402ae72

  • SHA256

    a81c6d00185c620df018f2c5bc65abfacd5630285b71fdaedf5d27bd0a5d47c2

  • SHA512

    f284b0995f43a2fb75319c7fa73d27c3c8f6ddd730972b5c398a095f4d978a288dce86559a1ec11872a97753f31dfd415eaa88873366e56f6633a0a4318608b8

  • SSDEEP

    24576:pKpyoYkhEXRfPOC8TDr7sJuVUkQmqY9HNgBNJ6clMi81s3AYG5GsGbZB:pKwoYa8RfPOC8Tfq3AHeG5GsGbZB

Targets

    • Target

      IMPORTANT.exe

    • Size

      2.6MB

    • MD5

      a8f313dfb1bd2b0183555360e44f9c7d

    • SHA1

      ecea055bd41dba07dffe08f62f5de1c2d402ae72

    • SHA256

      a81c6d00185c620df018f2c5bc65abfacd5630285b71fdaedf5d27bd0a5d47c2

    • SHA512

      f284b0995f43a2fb75319c7fa73d27c3c8f6ddd730972b5c398a095f4d978a288dce86559a1ec11872a97753f31dfd415eaa88873366e56f6633a0a4318608b8

    • SSDEEP

      24576:pKpyoYkhEXRfPOC8TDr7sJuVUkQmqY9HNgBNJ6clMi81s3AYG5GsGbZB:pKwoYa8RfPOC8Tfq3AHeG5GsGbZB

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies so that encrypted files cannot be restored from local snapshots, inhibiting system recovery.

    • Renames multiple (335) files with added filename extension

      Appending a new extension to a large number of files in a short time is characteristic of ransomware renaming files as it encrypts them.

    • Drops startup file

      Writing a file into a Startup folder is a common persistence mechanism; the file is executed at the next user logon.

    • Executes dropped EXE

      The sample launched an executable that it had itself written to disk, typical of a dropper or multi-stage payload.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

      An entry under HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run launches the referenced program at each logon, a common persistence mechanism.
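
    The behaviours listed above can be recovered from telemetry outside the sandbox. The following is an added example, not part of the Triage report and not code from the sample or the sandbox: a small detector over Sysmon-style process, file and registry events that raises the same signature names the report uses (shadow-copy deletion via well-known command lines, mass renames with an appended extension, Startup-folder drops, execution of a file the sample wrote, Run-key persistence, and reads of browser profile databases). The event shape, the file paths, the 50-rename threshold and the constructed sample events are assumptions for illustration, not observations from IMPORTANT.exe.

```python
"""Detect the report's behavioural signatures in Sysmon-style events.

Added example; event format, paths and thresholds are assumptions.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict

# Command lines that commonly accompany Volume Shadow Copy deletion.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]
# Run / RunOnce keys under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Browser profile files that hold credentials, cookies and autofill data.
BROWSER_DATA_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox|BraveSoftware)\\"
    r".*\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
MASS_RENAME_THRESHOLD = 50  # assumed tuning value


def detect(events: list[dict], rename_threshold: int = MASS_RENAME_THRESHOLD) -> dict:
    """Return {signature name: evidence list} for every behaviour observed."""
    findings: dict[str, list] = defaultdict(list)
    dropped: set[str] = set()           # files written by the sample
    added_ext: Counter[str] = Counter()  # extension appended by renames

    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            cmd = ev["cmdline"]
            if any(p.search(cmd) for p in SHADOW_COPY_PATTERNS):
                findings["Deletes shadow copies"].append(cmd)
            if ev["image"].lower() in dropped:
                findings["Executes dropped EXE"].append(ev["image"])
        elif kind == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if "\\start menu\\programs\\startup\\" in path.lower():
                findings["Drops startup file"].append(path)
        elif kind == "file_rename":
            old, new = ev["old"], ev["new"]
            # Original name kept and something appended: an added extension.
            if new.lower().startswith(old.lower()) and len(new) > len(old):
                added_ext[new[len(old):]] += 1
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev["key"]):
                findings["Adds Run key to start application"].append(ev["value"])
        elif kind == "file_read":
            if BROWSER_DATA_RE.search(ev["path"]):
                findings["Reads user/profile data of web browsers"].append(ev["path"])

    for ext, n in added_ext.items():
        if n >= rename_threshold:
            findings[f"Renames multiple ({n}) files with added filename extension"].append(ext)
    return dict(findings)


def sample_events() -> list[dict]:
    """Constructed events (not sandbox output) mimicking the listed behaviours."""
    user = r"C:\Users\victim"
    dropped_exe = rf"{user}\AppData\Local\Temp\svc.exe"
    events = [
        {"type": "file_create", "path": dropped_exe},
        {"type": "process_create", "image": dropped_exe, "cmdline": f'"{dropped_exe}"'},
        {"type": "process_create", "image": r"C:\Windows\System32\vssadmin.exe",
         "cmdline": "vssadmin.exe delete shadows /all /quiet"},
        {"type": "registry_set",
         "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", "value": dropped_exe},
        {"type": "file_create",
         "path": rf"{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
        {"type": "file_read",
         "path": rf"{user}\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    ]
    for i in range(335):  # same count as the report, constructed
        old = rf"{user}\Documents\file{i:03d}.docx"
        events.append({"type": "file_rename", "old": old, "new": old + ".locked"})
    return events


if __name__ == "__main__":
    for name, evidence in detect(sample_events()).items():
        print(f"{name}: {evidence[:3]}")
```

    The rename check deliberately keys on "original name preserved plus a suffix" rather than on a list of known ransomware extensions, so a new family with an unseen extension still trips it; tune the threshold to the host's normal rename rate before deploying.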
