General
Target: shell.bin.zip
Size: 281KB
Sample: 201020-ygfgc9a6ja
MD5: a7f4e980a3f9231a56ad3eef1d30d541
SHA1: fbc883217853f00a96995c30b6e58a8a44e23557
SHA256: 74ba32641122d422cc3a5edcf2395242cf67449e33fac79a1678df7af53f8d7a
SHA512: 035664f4b686683edb8edb5faea6e8cfcb5cd09d03b80ac0a5daaf2d8741ab2298c17f79d605327ebc210e2b15d8327d6321f709a92582bee6a3195aac966627
Static task: static1

Behavioral task: behavioral1
Sample: shell.bin.exe
Resource: win7v200722

Behavioral task: behavioral2
Sample: shell.bin.exe
Resource: win10v200722
Malware Config

Targets
Target: shell.bin
Size: 403KB
MD5: 4c64b7afcf85249f09da741c700eabb1
SHA1: 18286de90456e26005c346430d1891522a8b985b
SHA256: 644704ae267daa0f81613569ade954ad2c308031d55e9480501a6afc1ccea83f
SHA512: 17dece78cd2315202783caa07179028dc3eda5415e69581b8ee57bbebdc72a89d93d6e547082129eece9c0d11f82285cfa00d7da97aa87a0f9f912e692519cfa
Score: 8/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext