General

  • Target

    V-Bucks Generator.exe

  • Size

    458KB

  • Sample

    250519-yezmqsyj13

  • MD5

    d5e63bc0a087c9cda1215688405b6fb2

  • SHA1

    e32d08d66878bf50458cd8674dfc581a6fc611d4

  • SHA256

    9bf2689546105532a778dc6a0a6e964ece8ff33c4fcea28e82c29940e06d2666

  • SHA512

    cdc9610af7562bca20bb29a14b7acb0facef90f15b21ad4d0006e5dc2afc9533cd406c7735dcc9c1e353cc04ff4b480d7d0229be59e2b0e51ed91bbef4298f12

  • SSDEEP

    12288:QGchrYmYRz1T/I/x/c/Qkrn5gA6IG+rQFR:SrqJT/Cw5gA6Iy

Malware Config

Targets

    • Target

      V-Bucks Generator.exe

    • Size

      458KB

    • MD5

      d5e63bc0a087c9cda1215688405b6fb2

    • SHA1

      e32d08d66878bf50458cd8674dfc581a6fc611d4

    • SHA256

      9bf2689546105532a778dc6a0a6e964ece8ff33c4fcea28e82c29940e06d2666

    • SHA512

      cdc9610af7562bca20bb29a14b7acb0facef90f15b21ad4d0006e5dc2afc9533cd406c7735dcc9c1e353cc04ff4b480d7d0229be59e2b0e51ed91bbef4298f12

    • SSDEEP

      12288:QGchrYmYRz1T/I/x/c/Qkrn5gA6IG+rQFR:SrqJT/Cw5gA6Iy

    • Deletes shadow copies

      Volume Shadow Copy deletion (typically via vssadmin, wmic shadowcopy or wbadmin) removes the restore points a victim would use to recover files; ransomware does this to inhibit system recovery (ATT&CK T1490).

    • Possible privilege escalation attempt

    • Checks computer location settings

      Reads the country code configured in the registry (typically the GeoID stored under HKCU\Control Panel\International\Geo\Nation), which malware commonly uses as a geofence to decide whether to run on this host (ATT&CK T1614, System Location Discovery).

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2
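The two behaviours described above (shadow-copy deletion and the registry lookup of the configured country) are the ones a detection engineer would most want to turn into rules. The following is an added example, not part of the sandbox report and not code from the sample: it runs simple detection logic over a constructed, sandbox-style behaviour log and tags each hit with the report's signature name and the ATT&CK technique it maps to. The event records, field names, process IDs and command lines below are invented for illustration; the report on this page does not show the sample's actual command lines.

```python
"""Detection logic for two behaviours flagged in the report above:
shadow-copy deletion and a registry lookup of the configured country.
Added example, not part of the sandbox report; all events are constructed."""
import re

# Constructed sample events (not from the report). The shape mimics a sandbox
# behaviour log: process creations carry a command line, registry reads a path.
EVENTS = [
    {"type": "process", "pid": 1204, "image": r"C:\Users\user\V-Bucks Generator.exe",
     "cmdline": '"V-Bucks Generator.exe"'},
    {"type": "regquery", "pid": 1204,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "process", "pid": 1330, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "pid": 1340, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"type": "process", "pid": 1400, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
    {"type": "regquery", "pid": 1400,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Notepad"},
]

# Command lines commonly used to delete Volume Shadow Copies or disable
# recovery (ATT&CK T1490, Inhibit System Recovery). A plain "vssadmin list
# shadows" does not match; only the destructive forms do.
SHADOW_COPY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I),
    re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    re.compile(r"Win32_ShadowCopy\b.*\bDelete\b", re.I),  # PowerShell/WMI route
]

# Registry value holding the user's configured country (a GeoID). Reading it
# is the usual geofence check before a payload decides whether to run.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def triage(events):
    """Return one finding per matching event: signature name, ATT&CK
    technique, the pid responsible and the raw evidence that matched."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            cmd = ev.get("cmdline", "")
            if any(p.search(cmd) for p in SHADOW_COPY_PATTERNS):
                findings.append({"signature": "Deletes shadow copies",
                                 "technique": "T1490", "pid": ev["pid"],
                                 "evidence": cmd})
        elif ev["type"] == "regquery":
            if GEO_NATION.search(ev.get("path", "")):
                findings.append({"signature": "Checks computer location settings",
                                 "technique": "T1614", "pid": ev["pid"],
                                 "evidence": ev["path"]})
    return findings


def main():
    for f in triage(EVENTS):
        print(f"[{f['technique']}] pid {f['pid']}: {f['signature']} <- {f['evidence']}")


if __name__ == "__main__":
    main()
```

Running it against the constructed log yields three findings: the Geo\Nation read by the lure process and the two shadow-copy deletions spawned through cmd.exe and WMIC. In a real pipeline the same patterns apply to Sysmon Event ID 1 command lines; registry reads are not logged by Sysmon, so the geofence check is only visible in a sandbox trace or an EDR that records RegQueryValue calls.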

MITRE ATT&CK Enterprise v16

Tasks