General

  • Target

    64bit.exe

  • Size

    501KB

  • Sample

    250518-wcxz1sam8w

  • MD5

    d7f5e0d6c741324ad30dcd682e20715f

  • SHA1

    e4a4a6b0124b7401d533e693a0b887e6c94c6356

  • SHA256

    5926b866a03eeb02257933c50ef6f2f73db4691c2b1d550f40391b036010916f

  • SHA512

    872883ec0fb0819105d44ccc0140adbfb3c85e7326ab099ff503872947e65f3f92a27daef3d084523efd138802b261d3d06f2cce4b5284d2249c324b5d56ff90

  • SSDEEP

    6144:zIEXmAeS+xKnkf2Ru52tKVueiEwHyLiv9U4TS629ZSTx+gmogOKsZetNDV/z5inK:zjWKfkuI80O4uFjJTEnBT+tI

Malware Config

Targets

    • Renames multiple (25661) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16