9ce24664cc2fa049bf12d41471939252c295ccf893f00bdc754d73aec1c84b5e | Triage

Submit
Reports

Overview

overview

8

Static

static

sample.exe

windows7_x64

7

sample.exe

windows10_x64

8

Resubmissions

04-11-2022 23:59

221104-31zxvacbc3 8

24-12-2020 17:30

201224-s43rdxvlqn 8

Sharing

General

Target

fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.bin.sample.gz
Size

26KB
Sample

201224-s43rdxvlqn
MD5

b95f50738e4ef830f1d077933401b6eb
SHA1

99a5ac82d8109a8a769fb09cab93cec46310f757
SHA256

9ce24664cc2fa049bf12d41471939252c295ccf893f00bdc754d73aec1c84b5e
SHA512

71935bfa4746d126d88496145dad7927dd55a20dd51ac1bba420f63848f79d99bd5f2e45fabfea5f64f2bcb3d1c1205331924c9d630197b03d770c40f22d155b

Score

8^/10

persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7v20201028

persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v20201028

persistence ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  26KB
- MD5
  
  c7cfaca6501361febe27a6b3e66a61bf
- SHA1
  
  55a3414b9668596e120139a059db91a306281dcc
- SHA256
  
  fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44
- SHA512
  
  490814ad45e81ca6712c179fc6f9849788da1e379a02597136a52cc8695d895b648676f1ae2ee200effdac0f0dac7d56bef0af3b6854c8c150f33120af4d75a1
Score

8^/10

persistence spyware ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

persistenceransomwarespyware

© 2018-2024

Terms | Privacy