Resubmissions

05-10-2021 19:56

211005-yn32hsacd9 10

27-09-2021 13:20

210927-qlaceshagr 10

Analysis

  • max time kernel
    83s
  • max time network
    85s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-09-2021 13:20

General

  • Target

    HotCoffeeRansomware.exe

  • Size

    776KB

  • MD5

    c054c0f03277f7f0bdad9350fa3d5c2d

  • SHA1

    752071b548bb3a4c45c91174fcf5cf95ce99638a

  • SHA256

    546f3a70ab029ad78105f1b7cf581038362cfbb3c7120326075552d72656ec98

  • SHA512

    783a02a18f15c80c21cb08b9822ab02c0f62a11340edbbc44a364db9d820bda795db086f843ed3c2597d86c2933dc531ebdaa2ab3fc97e3f5e18aa3c437f6576

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HotCoffeeRansomware.exe
    "C:\Users\Admin\AppData\Local\Temp\HotCoffeeRansomware.exe"
    • Drops startup file
    • Drops file in Program Files directory
    PID:652

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access
    Credentials in Files (T1081): 1
  • Collection
    Data from Local System (T1005): 1
