General
- Target: Attachment.bin.zip
- Size: 21KB
- Sample: 210307-rpavdhf3ba
- MD5: 945721e8c28319876e9b6847cda9e59a
- SHA1: 6e02c9ce360357b5b8b9c3371b7c3ee619f00340
- SHA256: f84c988976d1ff30916c3c081b90e17a06f2f7d051c5d5b35bd610fb9553ef3b
- SHA512: 62cc85761e54dfdb39b7e7baea55327dd33b4428f29533704c96300021f970dd1500c07bedb4488673b688f98e7476a37b05790b396dc4713b5e1b9d7b60f53a
Static task
- static1
Behavioral tasks
- behavioral1: Sample Attachment.bin.exe, Resource win10v20201028
- behavioral2: Sample Attachment.bin.exe, Resource win10v20201028
- behavioral3: Sample Attachment.bin.exe, Resource win10v20201028
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\940489315\readme-warning.txt
- Family: makop
- Emails: tuzadiea@msgsafe.io, gudixaxa@yahooweb.co
The configuration was recovered from the ransom note the sample dropped during the run; the two addresses are the contact points listed in that note and are the indicators worth pivoting on.
Targets
Target: Attachment.bin
- Size: 34KB
- MD5: 12bf7cd0edc70cb548c8ea7a16bfcac2
- SHA1: c0c757896c8db32e2e92492f98dd86c481cd70cf
- SHA256: d64a2e8e21b9dd345095cbbe7a32ef47ac3d33012d350b9ec198db3838ca5eaa
- SHA512: fb97406f687aa3e15003b192f83222712bf35daa0dbab36d0a49e63dc3eea1e3bfb66faff530a1f3b1d193e8f1862a002304629593b4414c9962f2c55e51cf22
Score: 10/10
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created through NtCreateUserProcess with a parent other than the calling process, the primitive behind parent-PID spoofing.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Legitimate hosting services abused for malware hosting/C2
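The "Modifies extensions of user files" signature above is the behaviour most worth detecting on an endpoint, so here is an added example (not part of the sandbox report and not the sample's own code) of the logic behind it: group file events per process, count renames of files under a user profile that change the extension, and flag a process whose renames converge on one new extension; a dropped note with a name like readme-warning.txt (the path listed in the report) is used as a secondary indicator. The events, the ".locked" extension, the document names, the note-name regex and the threshold of 5 are constructed assumptions for illustration, not taken from the run.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Assumptions (not from the report): a "user file" is anything under a
# profile directory, a note is any created file whose name hints at a
# ransom note, and renaming at least RENAME_THRESHOLD user files to one new
# extension is treated as encryption. Tune per environment.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
NOTE_NAME_RE = re.compile(r"readme|how.to|decrypt|restore", re.IGNORECASE)
RENAME_THRESHOLD = 5


def is_user_file(path: str) -> bool:
    """True for paths under <drive>:\\Users\\<name>\\ (assumed user data)."""
    return bool(USER_PROFILE_RE.match(path))


def changed_extension(src: str, dst: str):
    """Return dst's extension (lowercased) when a rename changes it, else None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if d.suffix and d.suffix.lower() != s.suffix.lower():
        return d.suffix.lower()
    return None


def analyze(events, threshold: int = RENAME_THRESHOLD) -> dict:
    """Classify each process seen in (process, op, path, new_path) events."""
    renames = defaultdict(Counter)  # process -> Counter of new extensions
    notes = defaultdict(list)       # process -> paths of note-like files created
    for proc, op, src, dst in events:
        if op == "rename" and is_user_file(src):
            ext = changed_extension(src, dst)
            if ext:
                renames[proc][ext] += 1
        elif op == "create" and NOTE_NAME_RE.search(PureWindowsPath(src).name):
            notes[proc].append(src)

    findings = {}
    for proc in sorted(set(renames) | set(notes)):
        top = renames[proc].most_common(1)
        ext, count = top[0] if top else (None, 0)
        if count >= threshold:
            verdict = "ransomware-like"
        elif notes[proc]:
            verdict = "note-only"
        else:
            verdict = "benign"
        findings[proc] = {
            "renamed_user_files": count,
            "dominant_extension": ext,
            "notes_dropped": list(notes[proc]),
            "verdict": verdict,
        }
    return findings


# Constructed sample events: (process, operation, path, new_path).
# Only the note path matches the one listed in the report.
SAMPLE_EVENTS = [
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Documents\q1.docx", r"C:\Users\Admin\Documents\q1.docx.locked"),
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Documents\q2.xlsx", r"C:\Users\Admin\Documents\q2.xlsx.locked"),
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Pictures\a.jpg", r"C:\Users\Admin\Pictures\a.jpg.locked"),
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Pictures\b.png", r"C:\Users\Admin\Pictures\b.png.locked"),
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Desktop\todo.txt", r"C:\Users\Admin\Desktop\todo.txt.locked"),
    ("Attachment.bin.exe", "rename", r"C:\Users\Admin\Desktop\budget.pdf", r"C:\Users\Admin\Desktop\budget.pdf.locked"),
    # Outside any profile directory: counted as system, not user, data.
    ("Attachment.bin.exe", "rename", r"C:\Windows\Temp\cache.bin", r"C:\Windows\Temp\cache.bin.locked"),
    ("Attachment.bin.exe", "create", r"C:\Users\Admin\AppData\Local\Temp\940489315\readme-warning.txt", ""),
    # A single user-driven rename: should stay benign.
    ("explorer.exe", "rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.md"),
]

if __name__ == "__main__":
    for proc, f in analyze(SAMPLE_EVENTS).items():
        print(f"{proc}: {f['verdict']} "
              f"({f['renamed_user_files']} user files -> {f['dominant_extension']})")
```

The note regex on its own is a weak signal (a developer creating README.md would match it), which is why it only raises "note-only" rather than the full verdict; the rename count is what carries the detection, and in production the events would come from a file-system telemetry source rather than a list.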