General

  • Target

    48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3.sample

  • Size

    499KB

  • Sample

    210726-x4dmpnv9pn

  • MD5

    4ff21b1cec174bbb5bf0b22e42a56af0

  • SHA1

    3c7ae5cfc9053284c73aa34819fd47fd7bc40cc7

  • SHA256

    48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3

  • SHA512

    96a93838cedd0c9d847ca975ad7728e7bfa3662a29564ead784c2fbefc436a850aa2f9d218587a8130c1a08d5cf745ebd3b5c41afa8cda8f733086507f987c84

Malware Config

Targets

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-service that first appeared in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Collection

  • Data from Local System (T1005): 1

Impact

  • Data Encrypted for Impact (T1486): 1
