15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704 | Triage

Sharing

General

Target

15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704.sample
Size

152KB
Sample

210726-p71nqp5vej
MD5

3c701aa97f42c4861ea2c371d6f7e32f
SHA1

870823725625a440013533a4763f1a21d85005f2
SHA256

15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704
SHA512

d4089284784cd8d8821a6d8e08b781131dac38a046e3ae0db3fc3fa4e6c69b8b53fb9f06ca3551d27b452de3190eafc48a5cd74c4250bb5f03f648904a4af82f

Score

8^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704.sample
- Size
  
  152KB
- MD5
  
  3c701aa97f42c4861ea2c371d6f7e32f
- SHA1
  
  870823725625a440013533a4763f1a21d85005f2
- SHA256
  
  15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704
- SHA512
  
  d4089284784cd8d8821a6d8e08b781131dac38a046e3ae0db3fc3fa4e6c69b8b53fb9f06ca3551d27b452de3190eafc48a5cd74c4250bb5f03f648904a4af82f
Score

8^/10

persistence ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

ransomwarespywarestealer