General
Target: 591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566
Size: 11.1MB
Sample: 250518-tgzcjagn8z
MD5: 71692058d5c7ca73ffa5a2016be32992
SHA1: 01bd8a7e0607ba1c4f9066a066d6d226c76aa9d3
SHA256: 591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566
SHA512: 83ddfbd2961b185664a06b6eeea096702f8df563a275f20cc563eec349913b51d09f782dad4d345429f31017e4d299319207ac8517181db3e2bccd4683bb53c1
SSDEEP: 196608:pSquoRKHr8eLRuYiiLnbWJWH4Lc355urH4P/XRL/5m2KKmF:cquIMUY5WJVwJ5umXx5e
Behavioral task: behavioral1
Sample: 591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566.exe
Resource: win10v2004-20250502-en
Malware Config
(none extracted)

Targets
Target: 591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566
Size: 11.1MB
MD5: 71692058d5c7ca73ffa5a2016be32992
SHA1: 01bd8a7e0607ba1c4f9066a066d6d226c76aa9d3
SHA256: 591e99543d99f4e803a43826880629970ab2809622ff01b47a4e914ce78fe566
SHA512: 83ddfbd2961b185664a06b6eeea096702f8df563a275f20cc563eec349913b51d09f782dad4d345429f31017e4d299319207ac8517181db3e2bccd4683bb53c1
SSDEEP: 196608:pSquoRKHr8eLRuYiiLnbWJWH4Lc355urH4P/XRL/5m2KKmF:cquIMUY5WJVwJ5umXx5e

Signatures
- Renames multiple (2439) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Loads dropped DLL
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)