mespinoza | 4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99 | Triage

Sharing

General

Target

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99
Size

504KB
Sample

210408-m4swb7bm4e
MD5

e3da64fd9a0a585ebe00ac7f235104d6
SHA1

52b2fc13ec0dbf8a0250c066cd3486b635a27827
SHA256

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99
SHA512

1620d261d7c176fcb9f93a8b178af55698b7faeb4baa8d3ca3531d211c58eb6ccbf36e57263095f254d3f5567b1b51865dcea48302e6ecfd9d56c6cff3ab98f8

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Extracted

Family

mespinoza

Attributes

ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.

Targets

- Target
  
  4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99
- Size
  
  504KB
- MD5
  
  e3da64fd9a0a585ebe00ac7f235104d6
- SHA1
  
  52b2fc13ec0dbf8a0250c066cd3486b635a27827
- SHA256
  
  4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99
- SHA512
  
  1620d261d7c176fcb9f93a8b178af55698b7faeb4baa8d3ca3531d211c58eb6ccbf36e57263095f254d3f5567b1b51865dcea48302e6ecfd9d56c6cff3ab98f8
Score

10^/10

mespinoza ransomware spyware stealer
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

mespinozaransomwarespywarestealer

behavioral2

mespinozaransomwarespywarestealer