4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90 | Triage

Resubmissions

15-03-2021 09:09

210315-2zntzgdr72 8

15-03-2021 08:51

210315-mj6e5pvb66 8

13-03-2021 17:09

210313-hrcfblnjbx 8

Sharing

General

Target

trash.exe
Size

100KB
Sample

210313-hrcfblnjbx
MD5

7f5227030be3d2ef48aa652af1ec72b0
SHA1

202e7ac1c2aaca8fbeed4ac454ca195a33c9d064
SHA256

4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90
SHA512

4603b758416dac60cb322aae6f3566711b6a4a9b657f6448861553b45b1c737fd3180d2b0bc169ef193a2372e89aba14a4d27a25e0a5eb440ed6c4afafe5f55c

Score

8^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  trash.exe
- Size
  
  100KB
- MD5
  
  7f5227030be3d2ef48aa652af1ec72b0
- SHA1
  
  202e7ac1c2aaca8fbeed4ac454ca195a33c9d064
- SHA256
  
  4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90
- SHA512
  
  4603b758416dac60cb322aae6f3566711b6a4a9b657f6448861553b45b1c737fd3180d2b0bc169ef193a2372e89aba14a4d27a25e0a5eb440ed6c4afafe5f55c
Score

8^/10

ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer