General

  • Target

    da78fb46304e11a7af62228456fb73978d7ae2f12f9f854e6043870b1e8e7bd6

  • Size

    137KB

  • Sample

    250518-tdxpjagm5y

  • MD5

    744f289d71e6c5eff7492dc0edeac9bd

  • SHA1

    9de988d770a35334e658f60774914cde160a8eba

  • SHA256

    da78fb46304e11a7af62228456fb73978d7ae2f12f9f854e6043870b1e8e7bd6

  • SHA512

    65b4136333bb14a5bbaf64119660104538e9f8cce3087b4b3f3997a0ffed90b6a4beb89fd23dc5e44cba78502e4c36a736ef4a2b104380bb57dedc0f27a3b0f9

  • SSDEEP

    1536:uGIINymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7FE:pnzhQNv40j0PW1IrEfMtyhuW

Malware Config

Targets

    • Renames multiple (5286) files with added filename extension

      Mass renaming of files with a new extension appended is characteristic of ransomware encrypting the files on the system; 5286 is the number of files renamed during this run.

    • Executes dropped EXE

      The sample wrote an executable to disk and then launched it, so the observed behaviour includes that dropped payload, not only the submitted file.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops file in System32 directory

      Writing into System32 normally requires elevated privileges and is a common way to masquerade a payload as a system component or to establish persistence.
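
As an added example, not part of the sandbox report or its own tooling, the following Python runs signature-style checks over a constructed file-event trace to show how the four behaviours above can be derived from raw file operations: renames that append an extension (counted per process against a threshold), a written executable that is later executed, reads of browser profile files, and writes under System32. The tab-separated event format, the process IDs, the paths and the threshold are assumptions; the report counted 5286 renamed files, while the sample here uses a threshold of 3 so that the small constructed trace triggers.

```python
"""Signature-style checks over a constructed file-event trace (added example, not the
sandbox's code). Event format, paths, pids and thresholds are assumptions."""
import re
from collections import defaultdict

# Constructed trace in a hypothetical tab-separated form: op, pid, path[, new_path].
SAMPLE_TRACE = """\
write\t1234\tC:\\Users\\user\\AppData\\Local\\Temp\\update.exe
exec\t1234\tC:\\Users\\user\\AppData\\Local\\Temp\\update.exe
read\t1234\tC:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
read\t1234\tC:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json
write\t1234\tC:\\Windows\\System32\\drivers\\etc\\hosts
rename\t1234\tC:\\Users\\user\\Documents\\q1.xlsx\tC:\\Users\\user\\Documents\\q1.xlsx.locked
rename\t1234\tC:\\Users\\user\\Documents\\memo.docx\tC:\\Users\\user\\Documents\\memo.docx.locked
rename\t1234\tC:\\Users\\user\\Pictures\\cat.jpg\tC:\\Users\\user\\Pictures\\cat.jpg.locked
rename\t1234\tC:\\Users\\user\\Desktop\\todo.txt\tC:\\Users\\user\\Desktop\\todo.txt.locked
rename\t5678\tC:\\Users\\user\\notes.txt\tC:\\Users\\user\\notes-old.txt
read\t5678\tC:\\Users\\user\\Documents\\memo.docx
"""

# Browser profile artefacts an infostealer typically reads (Chromium family and Firefox).
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*"
    r"\\(Login Data|Cookies|Web Data|History)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
SYSTEM32 = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
_ADDED_EXT = re.compile(r"\.[A-Za-z0-9_-]{1,16}$")


def parse_trace(text):
    """Turn the tab-separated trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        ev = {"op": parts[0], "pid": int(parts[1]), "path": parts[2]}
        if len(parts) > 3:
            ev["new_path"] = parts[3]
        events.append(ev)
    return events


def added_extension(old, new):
    """Return the appended extension when new == old + '.<ext>', otherwise None.
    A plain rename (notes.txt -> notes-old.txt) is not an 'added extension'."""
    if not new.startswith(old):
        return None
    m = _ADDED_EXT.fullmatch(new[len(old):])
    return m.group(0) if m else None


def mass_rename_with_extension(events, threshold=3):
    """Per pid, count renames that append an extension; report pids at or above
    threshold with the most common appended extension (the report's count was 5286)."""
    per_pid = defaultdict(list)
    for ev in events:
        if ev["op"] == "rename" and "new_path" in ev:
            ext = added_extension(ev["path"], ev["new_path"])
            if ext:
                per_pid[ev["pid"]].append(ext)
    return {
        pid: {"count": len(exts), "extension": max(set(exts), key=exts.count)}
        for pid, exts in per_pid.items()
        if len(exts) >= threshold
    }


def dropped_exe_executed(events):
    """Executables written earlier in the trace and then executed (dropped payload ran)."""
    written, hits = set(), []
    for ev in events:
        p = ev["path"].lower()
        if ev["op"] == "write":
            written.add(p)
        elif ev["op"] == "exec" and p.endswith(".exe") and p in written:
            hits.append(ev["path"])
    return hits


def browser_profile_reads(events):
    return sorted({ev["path"] for ev in events
                   if ev["op"] == "read" and BROWSER_DATA.search(ev["path"])})


def system32_writes(events):
    return sorted({ev["path"] for ev in events
                   if ev["op"] == "write" and SYSTEM32.match(ev["path"])})


def triggered_signatures(events, rename_threshold=3):
    """Names of the report's four behavioural signatures that fire on this trace."""
    sigs = []
    if mass_rename_with_extension(events, rename_threshold):
        sigs.append("Renames multiple files with added filename extension")
    if dropped_exe_executed(events):
        sigs.append("Executes dropped EXE")
    if browser_profile_reads(events):
        sigs.append("Reads user/profile data of web browsers")
    if system32_writes(events):
        sigs.append("Drops file in System32 directory")
    return sigs


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print(mass_rename_with_extension(evs))
    for name in triggered_signatures(evs):
        print(name)
```

The per-process count matters more than the global one: a backup tool or an archiver can rename many files, but a single process appending one extension across documents, pictures and the desktop within one run is the ransomware pattern the sandbox signature is keyed on. On a real trace the threshold should be far higher than 3 and the extension should be compared against the list of extensions the sample's ransom note names, if one is recovered.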

MITRE ATT&CK Enterprise v16

Tasks