mespinoza | 75c8e93ffcfd84f0d3444c0b9fc8c9a462f91540c8760025c393a749d198d9db | Triage

Sharing

General

Target

75c8e93ffcfd84f0d3444c0b9fc8c9a462f91540c8760025c393a749d198d9db
Size

500KB
Sample

210408-c68khppx1n
MD5

ba93f5b8f6beb7797cccf6e7a9370ccd
SHA1

94a351849632c435f6809eda080f52e6d0ad1195
SHA256

75c8e93ffcfd84f0d3444c0b9fc8c9a462f91540c8760025c393a749d198d9db
SHA512

aaba4759f720fe5c82c801eefafe30abc9224cd0cc38549ca91c11a0948724147c4803184e1320dbaa3e10ea8e26a6ee146e2f70e2cdefd8ec18981d17455416

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Targets

- Target
  
  75c8e93ffcfd84f0d3444c0b9fc8c9a462f91540c8760025c393a749d198d9db
- Size
  
  500KB
- MD5
  
  ba93f5b8f6beb7797cccf6e7a9370ccd
- SHA1
  
  94a351849632c435f6809eda080f52e6d0ad1195
- SHA256
  
  75c8e93ffcfd84f0d3444c0b9fc8c9a462f91540c8760025c393a749d198d9db
- SHA512
  
  aaba4759f720fe5c82c801eefafe30abc9224cd0cc38549ca91c11a0948724147c4803184e1320dbaa3e10ea8e26a6ee146e2f70e2cdefd8ec18981d17455416
Score

10^/10

mespinoza ransomware spyware stealer
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

mespinozaransomwarespywarestealer

behavioral2

mespinozaransomwarespywarestealer