74ba32641122d422cc3a5edcf2395242cf67449e33fac79a1678df7af53f8d7a | Triage

Resubmissions

04-10-2022 22:47

221004-2qptfscgf3 8

20-10-2020 18:23

201020-ygfgc9a6ja 8

Sharing

General

Target

shell.bin.zip
Size

281KB
Sample

201020-ygfgc9a6ja
MD5

a7f4e980a3f9231a56ad3eef1d30d541
SHA1

fbc883217853f00a96995c30b6e58a8a44e23557
SHA256

74ba32641122d422cc3a5edcf2395242cf67449e33fac79a1678df7af53f8d7a
SHA512

035664f4b686683edb8edb5faea6e8cfcb5cd09d03b80ac0a5daaf2d8741ab2298c17f79d605327ebc210e2b15d8327d6321f709a92582bee6a3195aac966627

Score

8^/10

ransomware spyware

Malware Config

Targets

- Target
  
  shell.bin
- Size
  
  403KB
- MD5
  
  4c64b7afcf85249f09da741c700eabb1
- SHA1
  
  18286de90456e26005c346430d1891522a8b985b
- SHA256
  
  644704ae267daa0f81613569ade954ad2c308031d55e9480501a6afc1ccea83f
- SHA512
  
  17dece78cd2315202783caa07179028dc3eda5415e69581b8ee57bbebdc72a89d93d6e547082129eece9c0d11f82285cfa00d7da97aa87a0f9f912e692519cfa
Score

8^/10

spyware ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywareransomware

behavioral2