mespinoza | f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a | Triage

Sharing

General

Target

f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a.sample
Size

499KB
Sample

210726-5z5y4esa3n
MD5

b6dd099b4c51edae5ea0c867ff2f12a7
SHA1

f13800d747ca3d79785f373af3ce098a0298a6d7
SHA256

f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
SHA512

5ada31af3f39f37fcd15b1afc3ab9f6e60fc47d56097130ac2c8ea734f1db1ce93d552014abeb71ab0235fa65d9ed7b2d9c5cd0367acf99df6d32f138cb3d8ec

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Targets

- Target
  
  f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a.sample
- Size
  
  499KB
- MD5
  
  b6dd099b4c51edae5ea0c867ff2f12a7
- SHA1
  
  f13800d747ca3d79785f373af3ce098a0298a6d7
- SHA256
  
  f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
- SHA512
  
  5ada31af3f39f37fcd15b1afc3ab9f6e60fc47d56097130ac2c8ea734f1db1ce93d552014abeb71ab0235fa65d9ed7b2d9c5cd0367acf99df6d32f138cb3d8ec
Score

10^/10

spyware stealer mespinoza ransomware
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

mespinozaransomwarespywarestealer