mespinoza | 48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3 | Triage

Sharing

General

Target

48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3.sample
Size

499KB
Sample

210726-x4dmpnv9pn
MD5

4ff21b1cec174bbb5bf0b22e42a56af0
SHA1

3c7ae5cfc9053284c73aa34819fd47fd7bc40cc7
SHA256

48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3
SHA512

96a93838cedd0c9d847ca975ad7728e7bfa3662a29564ead784c2fbefc436a850aa2f9d218587a8130c1a08d5cf745ebd3b5c41afa8cda8f733086507f987c84

Score

10^/10

mespinoza ransomware spyware stealer

Malware Config

Targets

- Target
  
  48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3.sample
- Size
  
  499KB
- MD5
  
  4ff21b1cec174bbb5bf0b22e42a56af0
- SHA1
  
  3c7ae5cfc9053284c73aa34819fd47fd7bc40cc7
- SHA256
  
  48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3
- SHA512
  
  96a93838cedd0c9d847ca975ad7728e7bfa3662a29564ead784c2fbefc436a850aa2f9d218587a8130c1a08d5cf745ebd3b5c41afa8cda8f733086507f987c84
Score

10^/10

mespinoza ransomware spyware stealer
- Mespinoza Ransomware
  Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
  ransomware mespinoza
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

mespinozaransomwarespywarestealer

behavioral2

mespinozaransomwarespywarestealer