47a6b20d09153ebddf527274742655bbf7ba1b9a2b2c3ed0fd38e840cbe951f1 | Triage

Resubmissions

19/11/2020, 11:31 UTC

201119-qt7r33qcre 8

19/11/2020, 08:31 UTC

201119-pvsltmgsys 8

Sharing

General

Target

4963869334470656.zip
Size

72KB
Sample

201119-qt7r33qcre
MD5

f3e4f8cfb0dea92bd9415bb670ff7934
SHA1

f8a2e2562d88f08779562cfef2a74e3118689779
SHA256

47a6b20d09153ebddf527274742655bbf7ba1b9a2b2c3ed0fd38e840cbe951f1
SHA512

f66233d84ab6f8ee41ff90c97bed8a889f38977dc66a7b6428b505b6b315a9dbceff91735d28e595906e81c2284f57645ad5c01d4a9dee8fdc2bdbb2058d328c

Score

8^/10

ransomware spyware

Malware Config

Targets

- Target
  
  f94fbc387e32abb67244f5130becb5f50d8094726eaf592fd71ba94c4efd17b1
- Size
  
  130KB
- MD5
  
  c6d312f61bfa434c22e7c1eccb334b90
- SHA1
  
  6741b06dfbcf8fcbf2d409af021ca8f94eeb7124
- SHA256
  
  f94fbc387e32abb67244f5130becb5f50d8094726eaf592fd71ba94c4efd17b1
- SHA512
  
  23ccd656c1d36cb3d3c15068d63c8608f2508b2212562dd60624fe7bf292c0dea3a8f54bad70efd2df8f4d6eb3d33ff222fab4826bebb59231ec7b6a055fa07c
Score

8^/10

ransomware spyware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespyware

behavioral2

ransomwarespyware