9f35d284afd3dafb2ab44e4a09ec7ef7cb62574282edf847d8deb7e450665bd6 | Triage

Resubmissions

14/09/2022, 13:40

220914-qyhvbsebfq 8

Sharing

General

Target

9f35d284afd3dafb2ab44e4a09ec7ef7cb62574282edf847d8deb7e450665bd6.exe
Size

4.4MB
Sample

210817-3ylnl8p6x2
MD5

f155ec35d67f746593ce8cc4e64d33e5
SHA1

822e0997e6c6d577a7803018dedba01a5ec70dc3
SHA256

9f35d284afd3dafb2ab44e4a09ec7ef7cb62574282edf847d8deb7e450665bd6
SHA512

ed5d2470defa3ecb8cdcdfb6b315ed921ac0719b1a08099f646208770f365866b13e2687dea21f25598d858885d54dd62b60ccefc5c45080bc4ccd6bbc923021

Score

8^/10

ransomware spyware stealer upx

Malware Config

Targets

- Target
  
  9f35d284afd3dafb2ab44e4a09ec7ef7cb62574282edf847d8deb7e450665bd6.exe
- Size
  
  4.4MB
- MD5
  
  f155ec35d67f746593ce8cc4e64d33e5
- SHA1
  
  822e0997e6c6d577a7803018dedba01a5ec70dc3
- SHA256
  
  9f35d284afd3dafb2ab44e4a09ec7ef7cb62574282edf847d8deb7e450665bd6
- SHA512
  
  ed5d2470defa3ecb8cdcdfb6b315ed921ac0719b1a08099f646208770f365866b13e2687dea21f25598d858885d54dd62b60ccefc5c45080bc4ccd6bbc923021
Score

8^/10

ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer