General

  • Target

    LewdFiles.exe

  • Size

    201.8MB

  • Sample

    250529-26nw4azmw4

  • MD5

    0940873dd555dcf23a1e6be0f3330710

  • SHA1

    7a2f4f0af5c4f8a86f09868f3700cc92b19beb4a

  • SHA256

    ad3a01d9216e21c308e0a3253ce568359962ab4dd1e551dd2afc4b1b4f9911f1

  • SHA512

    a0820f630245e1672422dd35e29ac4cbba9ffb46fc803b549aad27d8f701fbb1209cb71af5a11130755d27818079285035a8bfd26e02002aa2e196b57d3396ee

  • SSDEEP

    6291456:7dI929x75xido4bYY736wazwFZMjqYJ3MpTto:7O2TdxixZZazwZMjN3mTt
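
The digests above are the indicator set most worth preserving from this report. The following script, added here and not part of the sandbox report, recomputes MD5, SHA1, SHA256 and SHA512 for a local copy of the sample in one streaming pass (the file is about 200 MB, so it is never read into memory whole) and compares each value with the one printed on the page. The SSDEEP fuzzy hash is left out because the Python standard library has no implementation of it; the file name `LewdFiles.exe` as default path is an assumption.

```python
"""Recompute and check the digests a sandbox report lists for a sample.

Added example, not part of the original report. Reads the file in chunks
and compares every digest with the values printed on the page.
"""
import hashlib
from pathlib import Path

# Digests copied from the report for LewdFiles.exe.
REPORT_DIGESTS = {
    "md5": "0940873dd555dcf23a1e6be0f3330710",
    "sha1": "7a2f4f0af5c4f8a86f09868f3700cc92b19beb4a",
    "sha256": "ad3a01d9216e21c308e0a3253ce568359962ab4dd1e551dd2afc4b1b4f9911f1",
    "sha512": ("a0820f630245e1672422dd35e29ac4cbba9ffb46fc803b549aad27d8f701fbb1"
               "209cb71af5a11130755d27818079285035a8bfd26e02002aa2e196b57d3396ee"),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer (handy for a quick self-check)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream the file through all four hashers at once: one read pass, bounded memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(computed: dict, expected: dict) -> dict:
    """Map each expected algorithm to True/False; hex case is ignored."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


if __name__ == "__main__":
    import sys
    # Assumed default path: the sample name from the report.
    sample = Path(sys.argv[1] if len(sys.argv) > 1 else "LewdFiles.exe")
    results = verify(digest_file(sample), REPORT_DIGESTS)
    for name, ok in results.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A non-zero exit on any mismatch makes the script usable as a gate before the sample is loaded into a detonation environment or a case file; a mismatch on one algorithm only usually means a copy-paste error in the indicator, while a mismatch on all of them means a different file.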

Malware Config

Targets

    • Target

      LewdFiles.exe

    • Renames multiple (4192) files with added filename extension

      Appending a new extension to thousands of existing files in a single run is the characteristic file-system footprint of a ransomware encryption pass. The count is a heuristic, not proof that the contents were encrypted, so it should be read together with the other behaviours listed here.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Reads the root path of drives other than the default C: drive. Alongside the mass rename above, this is consistent with enumerating additional volumes to process.
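
The first signature in this list is a behavioural heuristic rather than a static indicator, so it is worth seeing how it is evaluated. The following detector is an added example and not part of the sandbox report or its signature engine: it replays constructed file-operation events of the kind a sandbox or EDR file monitor emits and flags any process that renames many existing files by appending one more extension, which is what "Renames multiple (4192) files with added filename extension" describes. The event tuple layout, process names, paths, the `.locked` extension and the threshold of 50 are assumptions made for this example; the report's count of 4192 would sit far above any sensible threshold.

```python
"""Detector for the mass-rename heuristic behind the first signature above.

Added example, not part of the original report. Event layout, paths,
extension and threshold are assumptions made for this example.
"""
from collections import defaultdict
from pathlib import PureWindowsPath


def appended_extension(src: str, dst: str):
    """Return the suffix that was appended if dst is src with exactly one extra
    extension in the same directory (q1.xlsx -> q1.xlsx.locked); else None.
    A temp-file swap (x.tmp -> x.docx) or a move to another folder is no match."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or not d.name.startswith(s.name + "."):
        return None
    suffix = d.name[len(s.name):]
    return suffix if len(suffix) > 1 and suffix.count(".") == 1 else None


def detect_mass_rename(events, threshold: int = 50):
    """Aggregate appended-extension renames per process and return one alert
    per process at or above the threshold. Each event is
    (pid, image, operation, source_path, destination_path)."""
    per_pid = defaultdict(lambda: {"image": None, "count": 0,
                                   "extensions": set(), "drives": set()})
    for pid, image, op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        rec = per_pid[pid]
        rec["image"] = image
        rec["count"] += 1
        rec["extensions"].add(ext.lower())
        rec["drives"].add(PureWindowsPath(src).drive.upper())
    alerts = []
    for pid, rec in per_pid.items():
        if rec["count"] >= threshold:
            alerts.append({
                "pid": pid,
                "image": rec["image"],
                "renamed": rec["count"],
                "extensions": sorted(rec["extensions"]),
                "drives": sorted(rec["drives"]),
            })
    return sorted(alerts, key=lambda a: -a["renamed"])


def _constructed_events():
    """Constructed telemetry (not captured data): one process appends .locked
    to 60 files on two drives, plus benign renames from other processes."""
    sample = r"C:\Users\victim\Downloads\LewdFiles.exe"
    ev = []
    for i in range(40):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        ev.append((4120, sample, "rename", src, src + ".locked"))
    for i in range(20):
        src = rf"D:\Backups\archive{i}.zip"
        ev.append((4120, sample, "rename", src, src + ".locked"))
    # Benign: a temp-file swap and a move into another folder.
    ev.append((880, r"C:\Windows\System32\svchost.exe", "rename",
               r"C:\Users\victim\x.tmp", r"C:\Users\victim\x.docx"))
    ev.append((2212, r"C:\Program Files\Editor\editor.exe", "rename",
               r"C:\Users\victim\notes.txt", r"C:\Users\victim\old\notes.txt"))
    return ev


EVENTS = _constructed_events()

if __name__ == "__main__":
    for alert in detect_mass_rename(EVENTS):
        print(f"pid {alert['pid']} ({alert['image']}) renamed {alert['renamed']} "
              f"files on {', '.join(alert['drives'])} with {alert['extensions']}")
```

The per-process aggregation is what keeps the rule usable: a backup tool or an editor also renames files, but it does not append the same single extension to every file it touches across several drives. Reporting the drive set alongside the count ties this rule to the "Enumerates connected drives" behaviour in the same list.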

MITRE ATT&CK Enterprise v16

Tasks