mespinoza | 051fb654403340420102430f807ea41ab790666488d897dc5b0008e99fed47d6 | Triage

Sharing

General

Target

051fb654403340420102430f807ea41ab790666488d897dc5b0008e99fed47d6
Size

500KB
Sample

210408-aykk2wda4e
MD5

768ba1196f9534928ad2f8ffa12bd7f7
SHA1

b435fedf7e40e3ef24dba050102d63e2d5aa2e1e
SHA256

051fb654403340420102430f807ea41ab790666488d897dc5b0008e99fed47d6
SHA512

17c8fcf034b6e9d41aace6486eaa1d550e77b305ca0c72804d9825d0bebccb1b2f639324bc5f0c75b565e26494edefa4219dc8f17db0162dbf402b9d5a6382a7

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Targets

- Target
  
  051fb654403340420102430f807ea41ab790666488d897dc5b0008e99fed47d6
- Size
  
  500KB
- MD5
  
  768ba1196f9534928ad2f8ffa12bd7f7
- SHA1
  
  b435fedf7e40e3ef24dba050102d63e2d5aa2e1e
- SHA256
  
  051fb654403340420102430f807ea41ab790666488d897dc5b0008e99fed47d6
- SHA512
  
  17c8fcf034b6e9d41aace6486eaa1d550e77b305ca0c72804d9825d0bebccb1b2f639324bc5f0c75b565e26494edefa4219dc8f17db0162dbf402b9d5a6382a7
Score

10^/10

mespinoza ransomware spyware stealer
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

mespinozaransomwarespywarestealer

behavioral2

mespinozaransomwarespywarestealer