General

  • Target

    a47d857ae1a31b81c428c00151aa244369688cfa37cffb5ec84f1f669b910a16

  • Size

    141KB

  • Sample

    250519-nrpcesxmx5

  • MD5

    c2d9941eff9d87744341d97a68701271

  • SHA1

    0ff3de8c1f4a998ae6ad64fc2cb8e5bbc90de28a

  • SHA256

    a47d857ae1a31b81c428c00151aa244369688cfa37cffb5ec84f1f669b910a16

  • SHA512

    0d6de592ed001defb7dd8a8c8e73c5d3a167bfc0c683b5639314b7bbaa0e1388bc87d1945200a13e08e9ac4201b81de153f7c66fe6fa8137c36ff2b5ec846aa5

  • SSDEEP

    1536:uGIIyymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fv:WnzhQNv40j0PW1IrEfMtyhu9

Malware Config

Targets

    • Target

      a47d857ae1a31b81c428c00151aa244369688cfa37cffb5ec84f1f669b910a16

    • Size

      141KB

    • MD5

      c2d9941eff9d87744341d97a68701271

    • SHA1

      0ff3de8c1f4a998ae6ad64fc2cb8e5bbc90de28a

    • SHA256

      a47d857ae1a31b81c428c00151aa244369688cfa37cffb5ec84f1f669b910a16

    • SHA512

      0d6de592ed001defb7dd8a8c8e73c5d3a167bfc0c683b5639314b7bbaa0e1388bc87d1945200a13e08e9ac4201b81de153f7c66fe6fa8137c36ff2b5ec846aa5

    • SSDEEP

      1536:uGIIyymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fv:WnzhQNv40j0PW1IrEfMtyhu9

    • Renames multiple (5273) files with added filename extension

      Renaming 5,273 files by appending a new extension is consistent with ransomware encrypting user files across the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Drops file in System32 directory
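    As an added check that is not part of this report or of the sandbox's own signature code: the four behaviours listed above, re-implemented as detection logic over a constructed sandbox-style event log. The event format, the rename threshold, the browser file names and every path are assumptions, not values observed from the sample.

```python
# Added example, not the sandbox's signature code. Re-implements the four behavioural
# signatures in the report as checks over a sandbox-style event log. Event format,
# threshold, file names and paths are assumed.
import ntpath
from dataclasses import dataclass

# Assumed threshold: the report saw 5273 renames; real sandboxes fire far earlier.
RENAME_THRESHOLD = 50

# Assumed file names holding browser credentials/cookies (Chromium and Firefox profiles).
BROWSER_DATA_FILES = ("login data", "cookies", "web data", "history",
                      "logins.json", "key4.db", "places.sqlite", "cookies.sqlite")

@dataclass(frozen=True)
class Event:
    kind: str            # "rename", "read", "write" or "exec"
    pid: int
    path: str            # Windows path; for "rename" this is the old name
    new_path: str = ""   # only used for "rename"

def is_extension_append(old, new):
    """True when new is old plus exactly one extra '.ext' suffix, in the same directory."""
    old_dir, old_name = ntpath.split(old.lower())
    new_dir, new_name = ntpath.split(new.lower())
    if old_dir != new_dir or not new_name.startswith(old_name):
        return False
    suffix = new_name[len(old_name):]
    return suffix.startswith(".") and len(suffix) > 1 and "." not in suffix[1:]

def renames_with_added_extension(events):
    """Signature 1: count of renames that only append an extension to the old name."""
    return sum(1 for e in events if e.kind == "rename" and is_extension_append(e.path, e.new_path))

def reads_browser_profile_data(events):
    """Signature 3: reads of known browser credential/cookie/history files."""
    return sorted({e.path for e in events
                   if e.kind == "read" and ntpath.basename(e.path).lower() in BROWSER_DATA_FILES})

def dropped_exes_executed(events):
    """Signature 2: a path the sample wrote and later executed (order matters)."""
    written, hits = set(), []
    for e in events:
        if e.kind == "write":
            written.add(e.path.lower())
        elif e.kind == "exec" and e.path.lower() in written and e.path not in hits:
            hits.append(e.path)
    return hits

def system32_drops(events):
    """Signature 4: any file written under the System32 directory."""
    return sorted({e.path for e in events
                   if e.kind == "write" and e.path.lower().startswith("c:\\windows\\system32\\")})

def evaluate(events):
    n = renames_with_added_extension(events)
    return {
        "renames_with_added_extension": n,
        "ransomware_like": n >= RENAME_THRESHOLD,
        "browser_data_read": reads_browser_profile_data(events),
        "dropped_exe_executed": dropped_exes_executed(events),
        "system32_drops": system32_drops(events),
    }

# Constructed event log standing in for a sandbox trace (not from the real sample).
DOCS = "C:\\Users\\victim\\Documents\\"
CHROME = "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\"
FIREFOX = "C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1.default\\"
SAMPLE_EVENTS = (
    [Event("rename", 4242, f"{DOCS}file{i}.docx", f"{DOCS}file{i}.docx.locked") for i in range(60)]
    + [Event("rename", 4242, f"{DOCS}report.docx", f"{DOCS}report_final.docx"),      # ordinary rename
       Event("rename", 4242, f"{DOCS}a.pdf", "C:\\Users\\victim\\Desktop\\a.pdf.locked"),  # moved, not counted
       Event("read", 4242, f"{CHROME}Login Data"),
       Event("read", 4242, f"{CHROME}Network\\Cookies"),
       Event("read", 4242, f"{FIREFOX}logins.json"),
       Event("read", 4242, f"{DOCS}notes.txt"),                                     # not browser data
       Event("write", 4242, "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"),
       Event("exec", 4242, "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"),
       Event("exec", 4242, "C:\\Windows\\System32\\cmd.exe"),                       # not dropped by the sample
       Event("write", 4242, "C:\\Windows\\System32\\upd.dll")]
)

if __name__ == "__main__":
    for name, value in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {value}")
```

    The rename check deliberately requires the new name to be the old name plus a single added suffix in the same directory, so ordinary saves and moves do not inflate the count; the dropped-EXE check requires the write to precede the exec, since an execution of a pre-existing binary such as cmd.exe is not a drop.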

MITRE ATT&CK Enterprise v16

Tasks