mespinoza | 6f4338a7a3ef8e491279ae81543a08554cad15d1bce6007047bc4449d945b799 | Triage

Sharing

General

Target

6f4338a7a3ef8e491279ae81543a08554cad15d1bce6007047bc4449d945b799
Size

500KB
Sample

210408-mbyv1asz7e
MD5

35ac0fcbe2b73a541366f2ef83e801cf
SHA1

a80b1f9f44156bc876b9f1e641745af1a5a77be2
SHA256

6f4338a7a3ef8e491279ae81543a08554cad15d1bce6007047bc4449d945b799
SHA512

8a6e9fe27d5235fdcc1ce8429b891c93330d2dde0687cc7fdd590622314bebf56b3948f169bf913cf0786ab8d30439e1ba4b4ca01739a636c1f7e04df92a05f9

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Targets

- Target
  
  6f4338a7a3ef8e491279ae81543a08554cad15d1bce6007047bc4449d945b799
- Size
  
  500KB
- MD5
  
  35ac0fcbe2b73a541366f2ef83e801cf
- SHA1
  
  a80b1f9f44156bc876b9f1e641745af1a5a77be2
- SHA256
  
  6f4338a7a3ef8e491279ae81543a08554cad15d1bce6007047bc4449d945b799
- SHA512
  
  8a6e9fe27d5235fdcc1ce8429b891c93330d2dde0687cc7fdd590622314bebf56b3948f169bf913cf0786ab8d30439e1ba4b4ca01739a636c1f7e04df92a05f9
Score

10^/10

mespinoza ransomware spyware stealer
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

mespinozaransomwarespywarestealer

behavioral2

mespinozaransomwarespywarestealer