General

  • Target

    e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead

  • Size

    504KB

  • Sample

    210831-9sn7qatnhx

  • MD5

    e9454a2ff16897e177d8a11083850ec7

  • SHA1

    6b6855931e69d27f5f2e2d828fbeb4db91688996

  • SHA256

    e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead

  • SHA512

    9bd01ed32887cecefe3987991f3ae3a0375c1cb1bff8b49f795b000076c26a1bb938476e4383b60a3f1ac5de79f7cd3cf2520ef695908815c0fee55a17dcb021

Malware Config

Targets

    • Target

      e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead

    • Size

      504KB

    • MD5

      e9454a2ff16897e177d8a11083850ec7

    • SHA1

      6b6855931e69d27f5f2e2d828fbeb4db91688996

    • SHA256

      e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead

    • SHA512

      9bd01ed32887cecefe3987991f3ae3a0375c1cb1bff8b49f795b000076c26a1bb938476e4383b60a3f1ac5de79f7cd3cf2520ef695908815c0fee55a17dcb021

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks