Overview

overview

10

Static

static

049263e712...6c.exe

windows7_x64

10

049263e712...6c.exe

windows10_x64

10

2a2eb971b8...d0.exe

windows7_x64

10

2a2eb971b8...d0.exe

windows10_x64

10

32d6be4f86...f3.exe

windows7_x64

10

32d6be4f86...f3.exe

windows10_x64

10

39ef1d9afd...d8.exe

windows7_x64

10

39ef1d9afd...d8.exe

windows10_x64

10

3a83805e3a...7e.exe

windows7_x64

10

3a83805e3a...7e.exe

windows10_x64

10

d1b6ee9b71...2b.exe

windows7_x64

10

d1b6ee9b71...2b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5431421224910848.zip

  • Size

    1.4MB

  • Sample

    210616-yx7chqf41a

  • MD5

    1ec1ba3df337d9b6c0ba6a0f29e51f38

  • SHA1

    9a8feda4ebcc16137e69ee14e6c1f8bdd3723d38

  • SHA256

    53ac93ae243dbe168f8af36cb17534318ebeb8f6a9e3f3660694beb3b2a25255

  • SHA512

    a1d3106e0ef3905665bb02fb551b2d60f434d97899e2dd75083d1be70fb5c4cdc8b5c03195602ad65b015401e3a4c4503cf476fdc77459cb19349327c1d4c8f5

Score
10/10
mespinozaransomwarespywarestealer

Malware Config

Targets

    • Target

      049263e712631a447fd13c8255ed456bcac8b4227502841acd8f229d89dc066c

    • Size

      532KB

    • MD5

      abdc29577ef646613ecc089bf0a0bf6a

    • SHA1

      97760dfeefa72766ec28973c331faad441bfc5f8

    • SHA256

      049263e712631a447fd13c8255ed456bcac8b4227502841acd8f229d89dc066c

    • SHA512

      bfb85082f95182027bb9aa81f1c350784543bef227757b79046c73447fa10a669f4f9d7f5542b60d32bd213663900b4e8651e5fcf356915650d0b058f59bd614

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

    • Target

      2a2eb971b878f56a0a5762656be6f59ec9623451acf4cf16b8c02e478d044cd0

    • Size

      501KB

    • MD5

      3f478dec46b01ca3cae11e238095c325

    • SHA1

      62c19bfdeefa22c9cb81b4e4d1a34f10fb41a32b

    • SHA256

      2a2eb971b878f56a0a5762656be6f59ec9623451acf4cf16b8c02e478d044cd0

    • SHA512

      f3ed3c1ede86bd4b113fe5ebcd27b79863408132c92ad583e9118604f7914eeb3ba1201e8d48ab641a6de49104e9dd7547369936bbe532a6826404e835856470

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral3behavioral4

    • Target

      32d6be4f86451871f70590f01ce01e9263abe18286db1272928a23c125e844f3

    • Size

      500KB

    • MD5

      22402bcb2bdc85f46506abe19ed3d21c

    • SHA1

      bf17708e0e90dfadbbecd0fadbf9f392b3ccfbb5

    • SHA256

      32d6be4f86451871f70590f01ce01e9263abe18286db1272928a23c125e844f3

    • SHA512

      f29ee747e8ce22f954fb5ac8329e162489f04099113d5a7d1e0205a8f9956135dbade1524a15f88974551a3477d905164a056f4c9495341abd6cb8b25f8e3961

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral5behavioral6

    • Target

      39ef1d9afd248791d765f0deaed6ebaac5416876a705e407cc97a35dad038fd8

    • Size

      501KB

    • MD5

      0189bc03d7c37649bd3a9d41884de2b8

    • SHA1

      750c2c2457dc45e7f9de54fc6a340a87a15ede17

    • SHA256

      39ef1d9afd248791d765f0deaed6ebaac5416876a705e407cc97a35dad038fd8

    • SHA512

      8c1e8ccfe40e9b2b931f9e3f013b2dbef076e8d0eb9cbdfd017dd0b7d919d41bb934315f02c434ef99e0c68ec44ab712dfee26fe3260b8e3ba3d9c458bb5e6b6

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral7behavioral8

    • Target

      3a83805e3ad41c6acd7931a0902b519669b8f38e491357c6f31fa46509f3c77e

    • Size

      500KB

    • MD5

      3c1ab60250969d76910badaadd740858

    • SHA1

      f2dda64bf3d8758f144b971443d5262500faf939

    • SHA256

      3a83805e3ad41c6acd7931a0902b519669b8f38e491357c6f31fa46509f3c77e

    • SHA512

      a9ecfc5e941471e99002944c035765e9c9b0b4da7eba21bba96c82b2c8ea1696940286a802577c109b08e63bd4abe1cc313180534ce151101b731e1334811a4d

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral9behavioral10

    • Target

      d1b6ee9b716fe48e51ac4e6bec691366bb08d507773d61a5d14fb15ec5e25e2b

    • Size

      500KB

    • MD5

      4b1111e3ff64fa9836047ed70f0e93b2

    • SHA1

      44013f5f6f5c88482441f1fa673e1ada7d6e845f

    • SHA256

      d1b6ee9b716fe48e51ac4e6bec691366bb08d507773d61a5d14fb15ec5e25e2b

    • SHA512

      166e785132a0474149196cbd77f0b4644a3676dc8f4b7e55ece6e92275e1caffd30db2a82a0b3f3dd1ba52dd2683dfc74dfc5f669990d4157a9af17b6c0c793a

    Score
    10/10
    mespinozaransomwarespywarestealer

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

      ransomwaremespinoza

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Credentials in Files

6
T1081

Discovery

Query Registry

6
T1012

System Information Discovery

6
T1082

Lateral Movement

Collection

Data from Local System

6
T1005

Exfiltration

Command and Control

Impact

Data Encrypted for Impact

6
T1486

Tasks