General

  • Target

    f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a.sample

  • Size

    499KB

  • Sample

    210726-5z5y4esa3n

  • MD5

    b6dd099b4c51edae5ea0c867ff2f12a7

  • SHA1

    f13800d747ca3d79785f373af3ce098a0298a6d7

  • SHA256

    f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a

  • SHA512

    5ada31af3f39f37fcd15b1afc3ab9f6e60fc47d56097130ac2c8ea734f1db1ce93d552014abeb71ab0235fa65d9ed7b2d9c5cd0367acf99df6d32f138cb3d8ec

Targets

    • Target

      f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a.sample

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-service which first appeared in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
