General

  • Target

    591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566

  • Size

    11.1MB

  • Sample

    250518-tgzcjagn8z

  • MD5

    71692058d5c7ca73ffa5a2016be32992

  • SHA1

    01bd8a7e0607ba1c4f9066a066d6d226c76aa9d3

  • SHA256

    591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566

  • SHA512

    83ddfbd2961b185664a06b6eeea096702f8df563a275f20cc563eec349913b51d09f782dad4d345429f31017e4d299319207ac8517181db3e2bccd4683bb53c1

  • SSDEEP

    196608:pSquoRKHr8eLRuYiiLnbWJWH4Lc355urH4P/XRL/5m2KKmF:cquIMUY5WJVwJ5umXx5e

Malware Config

Targets

    • Renames multiple (2439) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

MITRE ATT&CK Enterprise v16

Tasks