General

  • Target

    ByeData.exe

  • Size

    102KB

  • Sample

    250704-xxdmjsxvdt

  • MD5

    704b6118db9f67f7ecb0dd713eb19d55

  • SHA1

    4c687c8f6de70d4b4dc71536978cd8fcb537f4b2

  • SHA256

    675d85eab55e9d8df703b5fc4a138ad98f5ee35485d8310831dfab4fe320898f

  • SHA512

    9b669fd1d2d0ada9aa90a74da5893764705b73d3a735cbb03c854cff0e16b423b57c2d3a3f96a19fa3e09012de3635687db9e13edc7edc6b58375c199731e4f6

  • SSDEEP

    1536:x+BLxiTzbXarwzn7z+XY+l6YR5RHhO3+N3+AmjThCp:M2TXX02L+7HRsONON/op

Targets

    • Renames multiple (3265) files, appending a new filename extension

      This suggests ransomware activity: encrypting the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
