General

  • Target

    32bit.exe

  • Size

    478KB

  • Sample

    250518-wh4dzsan5w

  • MD5

    aa5dd9410506e0145e1bdc3698d88beb

  • SHA1

    7383b93d94c0ec1d710e46d60509ff6c5de36718

  • SHA256

    3032b026ebd192e9cd58bb98f963db4abce0ca9f6f245de1c0926ae5cb980bea

  • SHA512

    12b0bd916d997872c7264c141e252ed36fe6308ee1dd7f0a2f924265e16476b4eb970ec37ab90e81b19950d12a3e256ae8daff535d95f259b49d1dff9f400572

  • SSDEEP

    6144:9RkIWS45DS6Fa1Egqg3RK0e8D+lxO4Wj0/ShxlpW3YaCO/Vtr+i1PCKWQkGgCnld:9RkaK2jOXawPnSbjhxlMfp/vK4V5xh3

Malware Config

Targets

    • Target

      32bit.exe

    • Renames multiple (20910) files with added filename extension

      Over twenty thousand files were renamed with an extra extension appended to the original name. This pattern is consistent with ransomware encrypting the victim's files in place and marking each one with its own extension.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to the Credential Manager history, the credential blobs stored under the user profile (ATT&CK T1555.004).

    • Drops startup file

      A file was written to a startup location, giving the sample persistence across logons.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and autofill data (ATT&CK T1555.003, Credentials from Web Browsers).

    • Drops file in System32 directory

      A file was written into the System32 directory, which requires elevated privileges and lets the sample blend in with system files.
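
The signatures above are behaviour rules evaluated over the sandbox's file-activity trace. As an added illustration (not code from this report and not the Triage signature engine), the Python below re-implements four of them over a constructed event log. The tab-separated event format, the Credential Manager and browser path patterns, and the rename threshold are assumptions; a real engine works on far larger traces than the handful of events here, as the report's count of 20910 renames shows.

```python
"""Added example (not code from this report or from the Triage sandbox):
re-implements four of the behaviour signatures above as checks over a
sandbox file-event trace. The tab-separated event format, the path
patterns and the rename threshold are assumptions."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample trace, one event per line: "<op>\t<path>[\t<new_path>]".
# Paths and the credential-blob file name are made up for illustration.
SAMPLE_EVENTS = """\
rename\tC:\\Users\\victim\\Documents\\report.docx\tC:\\Users\\victim\\Documents\\report.docx.locked
rename\tC:\\Users\\victim\\Pictures\\img1.jpg\tC:\\Users\\victim\\Pictures\\img1.jpg.locked
rename\tC:\\Users\\victim\\Desktop\\notes.txt\tC:\\Users\\victim\\Desktop\\notes.txt.locked
rename\tC:\\Users\\victim\\Desktop\\old.tmp\tC:\\Users\\victim\\Desktop\\new.tmp
read\tC:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Credentials\\0A1B2C3D4E5F60718293A4B5C6D7E8F9
read\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
read\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default\\logins.json
write\tC:\\Windows\\System32\\drivers\\etc\\hosts
"""


@dataclass(frozen=True)
class FileEvent:
    op: str                       # "rename", "read", "write", ...
    path: str                     # path the operation targeted
    new_path: str | None = None   # destination, for renames only


def parse_events(trace: str) -> list[FileEvent]:
    """Parse the assumed tab-separated trace into FileEvent records."""
    events = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            raise ValueError(f"malformed event: {line!r}")
        events.append(FileEvent(parts[0], parts[1], parts[2] if len(parts) > 2 else None))
    return events


_EXT_RE = re.compile(r"\.[A-Za-z0-9_-]{1,16}")


def added_extension(old: str, new: str) -> str | None:
    """Return the extension appended to `old` to form `new`, else None.

    Only a pure append counts (report.docx -> report.docx.locked); a rename
    that changes the base name is not treated as encryption marking.
    """
    if new.startswith(old) and _EXT_RE.fullmatch(new[len(old):]):
        return new[len(old):]
    return None


def mass_rename_with_added_extension(events, threshold=3):
    """Signature: many files renamed to <original name>.<ext>.

    Returns (count, most common extension) once the count reaches the
    threshold, else None. The threshold is tuned to the tiny sample here.
    """
    exts = Counter()
    for ev in events:
        if ev.op == "rename" and ev.new_path:
            ext = added_extension(ev.path, ev.new_path)
            if ext:
                exts[ext.lower()] += 1
    total = sum(exts.values())
    if total >= threshold:
        return total, exts.most_common(1)[0][0]
    return None


# Credential Manager keeps credential blobs and DPAPI master keys under
# %APPDATA%/%LOCALAPPDATA%\Microsoft\{Credentials,Protect,Vault} (assumed pattern).
_CREDMAN_RE = re.compile(r"\\Microsoft\\(Credentials|Protect|Vault)\\", re.IGNORECASE)

# Well-known browser profile files holding saved logins and cookies.
_BROWSER_FILES = {"login data", "cookies", "web data", "logins.json", "key4.db", "cookies.sqlite"}


def credential_manager_access(events):
    """Signature: reads of Credential Manager / DPAPI stores."""
    return [ev.path for ev in events if ev.op == "read" and _CREDMAN_RE.search(ev.path)]


def browser_profile_reads(events):
    """Signature: reads of browser credential or cookie databases."""
    return [ev.path for ev in events
            if ev.op == "read" and ev.path.rsplit("\\", 1)[-1].lower() in _BROWSER_FILES]


def system32_drops(events):
    """Signature: files written under C:\\Windows\\System32."""
    return [ev.path for ev in events
            if ev.op == "write" and ev.path.lower().startswith("c:\\windows\\system32\\")]


def run_signatures(trace: str) -> dict:
    """Evaluate all four signatures and return only the ones that fired."""
    events = parse_events(trace)
    hits = {
        "renames_with_added_extension": mass_rename_with_added_extension(events),
        "credential_manager_access": credential_manager_access(events),
        "browser_profile_reads": browser_profile_reads(events),
        "drops_file_in_system32": system32_drops(events),
    }
    return {name: value for name, value in hits.items() if value}


if __name__ == "__main__":
    for name, value in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {value}")
```

The rename check deliberately ignores the fourth event (old.tmp to new.tmp), since a rename that changes the base name is ordinary file handling rather than the append-an-extension pattern the report flagged; a threshold far above three would be used on a real trace.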

MITRE ATT&CK Enterprise v16

Tasks