sample1.zip

General
Target

sample1.zip

Size

80KB

Sample

211027-k38zesbch3

Score
10 /10
MD5

2c112897a40cafed56cb84522a5daaf7

SHA1

4b1ced5dc5f01133a0bfc925b66fe34a3bf9e975

SHA256

d291fc899f31591a3acdd91c7f0f5199384e2b587234157a0c0ec9d05e93cefd

SHA512

233c075be1f25f8029ff477097812ab9623e9d50531342c33003f2471212178575a38b9c3a3df8aeaf855bd538e7aee5f7923ee238f94adef1683d7401c974b8

Malware Config

Extracted

Path C:\NABFAM-DECRYPT.txt
Ransom Note
---= GANDCRAB V5.0.1 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .NABFAM The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/b202954f5a21e15a | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAMVi9sPSvnPUlF7mNh+txFOoEgvnXX+LCkGJDGDBdPCg5i/smfneXvnm2fmRfacD75gvVcrfuV7GjAVc7juYbV/T1ATfJxLHMPDhvE72wLkHEAYIoWPKqBoO99D0fCEKsdWYeId+jXkZlD7DKrHTaui4OXvrUGNXvCHOA5xlwno+WX0oZBFG4sTI2FBxO8TdZsHCnHE6byJ6Qq/zCdyT+/uLYbi6klLwu5skgYnXbc8VKflyZ4ZiwSZAvuBe67370wQ/5eJieznSiecYZsIiurpzZKn9QaSIZ+YmRAw4DdfwL/J5pbBjJf4/hBQK3STn489di29QVzcdJOIM3YXaM8PLs8pE1FHLTU/ekPWKsBJu6eSzzVKIfP/17srp9FJw8CRZY29Gr0UyjtzJs3nkcBWSkQh2ki0KqaGwTRBqOQG09IqhAkF07pJw9cd//FVrkh0zshyp3TiMSsjmTT+1H5vSjQd22lmWvZOFuBLQ9GpSSwogaae1sPSySS7w8CcpBDspazbJSCDyHjE2MDuOwzM4pYBWSliukVXPPYcJB+Jh6/oPm355uQHslU6G5pHS3kI0elrKPDIK+KTbIvk5uPmXLlD5siJ9cNi8lEsTspLzPB5HXy7ottkenLHY+Mrpb1asgeb4KalZyMApMZ8rVyqFG/d9dGvNCX31A7Wd63iXwYd/9j9UOdb3sYrLtvWqaWt+JGC8jeFYw2pAYAp8a53BPlXsj6YtcYnLHwsdc10kS5n+ZQ0AHlgG3tNsdJ8tPpoFyz5/N3klqZp6fgR1bUVItMNe/+dqXmP2xQq633Z/E/0Tn0mUF3MlJyngxPRhx5pR/XBHkrRuANYZv2Y+rLo2iubhmanje5Qp7u9C1ZCRJOAKKQwYil66gi0OVhzS2IZiHUGeoAChhwfKLbAhxZYoZuAq//wZ8pkd5HvLilyxdUg0pIU3hWIRl/wYilojiqPG6A3iWIgu/xIrEq7qOnkFaVyjNveGYT2lmsmprFezdp5wvKJTG/eL6OM3fBePXygN6l3yTnpYlkSKHEjcHPYnq03jYFPAbiFQyl7oTmXrMD9cOL50NW/p4uFRwtoYhGLgSUled3YYJQGJ4bdaGwuoXB2mVIWw338IcDMlrpWOb6YasSrbobkN3L9Og/jVCQgzMrsToTkxcA4n0Jx7CUmThzdwUiQ2t/poArt51/wKDeA4jT/2Yuk1XKQwVLiorLTlLDNgnOcwZPLuZxe9aeBOgV2Boo0kY0HwnwVtCBXGi8OTXYUUfqcQZdYdbuJ3nVTWnORBxskqqQuP7HYz3ZEob3sEIIggDT8Z9M61ZjJV4YnZr6RTWZbq+fdMLy4X9J4UoTwBd9gg4ht6640f/lJM6YcbLAIFg21an8NKcwf6922+eTtoKtxBkPavQOcuX+NSGmMx0KsjINWCwTMLx8GcTHCVrFNPLZSFvLP4YQ083gBBPoYXnE/3HP4q7JRD2LGZBlaIvDWyYiIib3lz39asYtEYCcP+ZCIdJhbHsAo/A5gPRRoYsC6pMVVju8NU0nxfsNJs7TOpHlwPjEOMIiarNXhtNvdUfVFcsIssy2wbX+V396NrrqFtuSqiue4TD5toXtln4G2fw3QQaNO3s14SMIvA6lL+I8XITLoRmMb8Wvi7kpU7po+Dp1qn955a+wljpsHS69miepIRMlNwo783go7/fx/1usk1bvrFhhCScCgLaHGMW/Qflrzz6+1id4O4iLDE7MVuOs/ScIoxybotESGFof9VqJ2ZRlS5EmdHMyUzVu/dXws8IaS8AiPkef38oJG5EpegcoF5Tao2i8sDCKbtqcJLPI2CoIsEkcnRih1CN2qlUik2bhEekm9a77zEywbdIRxT86URMSI9m7HZVrw0T8IU2hRW5OcYLLwaIFRcV2mVzgPbU7328oGqKKYzNoBvvrccZJ0nir4e3jSF5qtgXcw+ZsPm7dRlXnG39rHjumy+nuVqvBd9EC4ZpJrMM1dXYml/QXeUq57ry72rvskWPN4125eq0YOVMKPDPexZO20jho+bddi7LCPKEhRXg3XJyqEGqUOVclUCD/eQ2+4jbEMnv4o9dhHU1L60QGDtmmx5nKZG2Ubrv2EXK8rWTr3ojEfi5ME/x+vio7XVmXbkNeqCd+go7K6EoHnj40ZBxqP/V7hWLGLf1326OQZtBACoJkrYi+8oCYh46G9XgTH+qwbVYrbzYirzlkJzMlN6J+oveAyxbkRRbVY73eDxAnc= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZdTo1RvXYU7nBWvbfcTG+Hhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wLmpQodXZhP6M/UPrO1sZzkDbgjYlAG3g8l65nVd0/CBUxKQ7KDJYrtX0vSmnFXg/ykfgtJNiwqfCnqbr85+BisbFwkUjB4uKt/2M2FetwGt5YPVqBBibt+BHXEdwb8CcE4oG4b6a1Y8ZyGoyp2Q2iuJRzTRoqGlPQJIAJpJFswNcoAhPJnK0+Ce5dALefhGEwg7NrKg3sxA1KwA7/ZinpCRFO3vDLOOav1w4ZJ3RPRgGKcTnY1ljgYn9OmQ3fyiydQRBnybIjlsmw6HIKVZjpOjehfFYcP8A6PylN3H9bQ3TCxaZCEv3tLUi+BdhMPpGxHsMOI7+QRdQP94kvV//uurM= ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/b202954f5a21e15a

Extracted

Path C:\CALPEVL-DECRYPT.txt
Ransom Note
---= GANDCRAB V5.0.1 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .CALPEVL The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5ad425612a5dd97f | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAACmCjp4rlCpKQyFo5A4ygknhd0FhUpPrOWHCxzbVzLGqZHYahYlnxb0+85fxQCh/3vigMgCyhW6qAboGGdOgIHJgCWIYf6s9fr1+yNqpU2S1jGM9KupV9vRxxNNFAdp7NScw2yI5JCzXFwOy41UrqRCtyH/Y7TFAg/8qAxHshvDhD/yYwK1+M/VLfhwqXECnENNZHRkVww9jjgcLpzxDiDev5Zgyd6Nfvu8sg/4IEnBd7EykDwx5Quy4gDmLKOZe7D/foJiCzmj8Hg5r8nR1Rj8L467UhhHN04Ky1MH1+UN7lHe5rMq8Sbt3T0xzQ4BQuhWARTstWmwjVF/C6a+4nYCDuFSjkgml1JuV1od57lBaBgc9Jhu6fod9Jqc4rDsBgKaqpgch2u29vh7IMR27gdHD2EZ9lhNDihmIq/aa31wfNdVO0IfAUOD99lnyH1YXLQbHClHtOFRxam0xaXE/1iV108rpuYhLq2mvG8ta3Pqw9W+gh23QSQ/R/zr4NNgLON0FDZubFKLhIRWcqLz2a3mjJS461J8Z/MTJMIS07zVRrg/na4nxSDNTI03UuOWNmOi5ZNHU7zrNfoXbMf3qbs+a4NMsgfYAIXzJzYzBwBzsAylaf1Gz/0XjjYKUYZprmLDzVaDOZ2hBO9DjcfznJLFUFJnmAluTKkpsBtDjwz+rYc87NlO0OYaZha8G0MD+nmRDMH/mUnqAoAL5JpkwPxV4eBJh+6ouFzvi90ckK6ebQljXbwsU6v+FmEcROhOmzdzwWfyA5PN0iLhdRPhwwtBv6SIUZ/YHwIJF9VR9WPevJVOiW13wwnz0tuRVFuRTSwW/UmHCuhFK5bn2/NVO+7PgGQfbJhIIyh1oqSNn0snFvCDzPtHb4S9P/aqIDGm4FXTOnN77c/aiQkLWYYktp7cIqRAZLmgYRuky66Vi7XhHVuwgatFGTKuCMG2/zbDCzSXLCljyqyE91vMdt96rDXOIqR8jJD6yttahkarpW3153S8KriLHh16BwLwUUO5yGo0AUWIZN2sa3uAqCXpFb2ENrR5MYbY1gLoYRZ9cioN52i582WW4/Ke73IETx5fvuHTKYPJEm7TZflla2roVqw6P9euUXclt51z88BKAfKZOwAHlpPGjENjsttBQKI41q3MpCkf1ibkYzrNjcMnf7oBPDmoV7UOflgvRx3PDl9cxoolJ+c9qMW1PepXshEQx0S2XvnGMBk7Vyqj71gEHvJ7VKpokF6kLdiVncQSKvhQqMFrT8KuMjnzz45oSvgyej04mkC59wXijagF3CvfIsfPrlvnanKMBG+PJu7+W13bfrULGY7y502Q9fGhQjsaOXDm8tt09HGmjv6MeYXnnFm6VURpz05m0y0J2vb6yTjJxR2BYnuHm4OmlNyejluuoae9o4FTNPDnB4Ix3mwZZ2k9DZS//pKCqZAr2dX8oRLyOELcIhIU7DhwyJTeuIK0NcFnISYdVBr0jpnApF5uceG+tuFeWo4pFqNcM6aOoZx+i5jGuhSwY+Ih2/8jHes3Qls6SJSE1mgWxaEXfdeXH40mZ8EhPm39elBt3qEdtoxhHR1z+76Zxd/MwsMMQ46cmZJG7aJtkQzbL1ebpMt1ZpM0z+f4DIaDWyG3lTI5ErIK9r43TIyw9vLUj22BG5nGTuzSYyUHSnkXWW9mROBjkTHkfoW/kUWDex/yHDNf3k1pQSXxn1uGkAc8eAd92vlo9g3XCqrdwb+A1Fxd/CJVfaTgGYs2ri2O1v2V8Ir7SSGNNPqdDpfF9uGjG5f51K71D6weW4kmf6jk6cvv5OEMveBU8V//bbPmXSk/tQ7rBNg7Eux1fNwN3AMiyANoCUtT+OEvugoqOSwqP2LEkP12KLegmRycZjSnA2Kgzk+2EsFE4XLSb1AHB8CVKvCqX7g5qPZWEG/cYMdTahVlDXtOyrJ4txza3jaBYB6Kabvrhkb8V6xWxjB/QVLvtayJ2quwemdrhfLi73xzOYBc9LfoiYJzjZ0xje6oGveFuyZZvbnxT7mw/1puGY68IUxVFwFIoW5H4gRIexZDSQ2ccs0wLHl9Pf+i5aI9KZ8DqvnPSjloTIYdLo4IxRC6OD7zsd5Ofe2x14QAlrXfRf3zaWTisesGL0AZwJkAdWtwoELKfwqdVCRbg9cE82Izc0xm1vo0ydC9l4EXFGpJCeR9hww0RPLdDog1Ix4qJl8mGj4MDdVn7XUDKBZchf/5lIN/O4ZfYfxL8TWM= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZOTp1RqnYK7nFWtbffTGeHhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wNmoQoAHZIP7k/TfrG1tVzlDb3jcZAB3gql9dnWN0lCD4xdg7bDNQrvH1xSi3FCw+6kfktKtizqdynr7r154JiurEmkUXB5eL1/zI2FeskGt5YalqCBiXt/BHTEY0b9Scb4t64bab3Y5NyPYz32XaispQRTRkqF1PXJPcJ15EHwNAoAxPMnKg+De5fALafiWE+g6xrIQ3vxBFKwg7yZizpCxFE3vPLMOat1wIZMnQeRlGKajmI1gXgeX8EmUHfjiyxQQxnz7JBlpawv3IDVYjpfzfwfAIcOsA2PzRNwX8PQy7ChaZPEubtMkioBZdMbJHjHssOL7+KRYAP+4kgV67utbOZzJr9ZHY= ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/5ad425612a5dd97f

Extracted

Path C:\DEDNDTS-DECRYPT.txt
Ransom Note
---= GANDCRAB V5.0.1 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .DEDNDTS The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/8afbc90b3c676b7a | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAGcApOtgZrWKX86vjQuPwKtRyvTEdj9NdHd+TBh40T15ZsMc7zLlAaTKF03mtB6VA69QV+yVCeaeoU1SNn0/p0xVXFi6A5/s4Cwo4/cX+LfpS9bZAQxl9PFcT3Q7bUluVco8u22dOs4g0Z42Nq1PiowEEcEgMwLZLU8EzgBuLlTgx9DViYjI9zK9TzwtS+5I/cY/iH1RaaxiqasQ9CtuebY4vjFvRsi8Vl6EgNP78h2Zb8ss/9G4FHAHYT7lhxLC4WZIJ2ecR9Y2S9Q2h+t6WXs+Txf8WYuqEmj0437ufbVKZCaZ/OZG9RsUzx8BXEub0Q9RxK3hJcN5iLVB2+yqcZ5yL8rrcKZQZIFphiEit70C1rtvxaIt/MFoCplHMCpVT4XsXazB5f0NJGBav2N0v5L0byIA4LWkwjqkpgCFBqXeMWK0ySgx28MEanP1Lv7vDdqbJ1CXrzjpoydlwMC/QA6q9Uj/CVNy5Z+ejNsD/89S83obsVLjvxz6+TorAcDLQQ+8XXS+yxGVqTs0HDcIzQKjGZgamwfajFKps+67D8L2xH/3DyFnA7zVUoDJTiM4FdXDzAxQ+sFORpfWKq0OyaFqIjQiyJvSG3tk3v5hKPf7G99/0ItzjDaP/oNKLHmS5QvZpuEA8pSlAp4lVCnfPwa7UIZF2zg9In+zsxnVNoQTZWshP7MepKv39JQJc8Vbl77LhzO91a+j9K+37pK6YMhKPQtCl0grQsdvYeTKh1lu0TIzyFmJ0Ow83wRTjBGeHt9b6EXZZK3Ua2T4Pv9xb1FgV/pEnbzV37GpnnEV9aMPxAkKU0+W7J4ftoI1PKi+fzwkqRWgN7evl7mC6Cc3RkQxl291RwUbnIhi/fnkEDp0I2H8au3eCE5qhA9q7M/3+1ixF6DxV0CBXOwnYkvimPMwmiDChQk9PxaHdUIbeq0/Vs7Fmn4mZinYmZKoIM6RncPPXJuDPPJtuvGKtWEsiKu98BifyRKu2vSnUcJ9eV7f+05tNkuUf03UJ2MxTBSXbGcT/d/iINn1JRnQ5afiPBpZLcxoZ0Nx+dbOcNiDiWnb2EyLZGW8JW8z3JTbViNxj1WckCDciDiWU+z23/bFaCHF1ZwSI0TQ/VgYb1xn0zfjjE4jU0ZQr3gD+F7SqGuhnCAqRGrOKxooRZImtodxMZgA8h5UZmsSSCKL8BMXis9zCHgGeQXEgckqXUq/JKFPxmj/ZiawGlNGjmP7mXCMBNu6ArbMJGZoqv5oL0eCKx0uS5sto/OpsNBJvQlXX6sy2u0V/BoTgxRYq5WWd9Q5k13/P/GKyWpNUM0eEqsosoxgOKapQLg/NnRlvPpHRXBjHnDCZHEmOTKFXOha9gW+tKwxmbIAuVM39N5BoJoKp+F7YsIRqkbQ5c/EHs12bK9RSgykNUAavOUkhFWodJ1fLoW+HSQbTMEwIZfs3/C0Inc6NZm/sWVVDInKlF+YvYyXdvD9FzsnzcViVcj3j41DIK5KIq9nJX82ERduZaGlCH27VVL3NoivpYjdEMQQnjpoCivrepEPe7NKIcspKNwgzlTkW/7WMnHg+en33zKfFmnvLJHxuOF0NfGD20qIJzibse+rSI68wvUsUL2BoTrw5stOYfQ7XNpQt0jFvHdYyPIAdVdR4WooU22Mpeacs1Gtoq/IKiptSq+3Yp9i04s2fzMdNhcr0uG4bJAwRtINGqO1h/c6qbR8LZY8r0tA1gHJapzlzsJ8s1o+31ocsLt6DOKCehQhyF876dgeZcWN3SjmM1L/RdgjtpE4XJp+2zOUYXeFhIwSCffWogQydcRrOq7e1g/NBt2WVGy8CFIRxY+EZCWEIZhoMWNi2aPhERchMdcuDDGGHDLcDK5zHEooZilJwLdG3w65zVUQTHkhAtZhHrVi7juyUJlERCP07HDHiSDFGgv0MtyHT+9ZTxo8iLw9H5IBDoomJ/BzbEXQ3b3pLIAANUFXhB01Mdw0lXk0E8ApRzZxidclS2ON9zothXicABaWfrErrNUDdK4u5NNr2cJ4Q4V1P/evDJAAr1LK1vvUuLl5Ox6S7g++cdF1Aocgm/79fLr+64bR3Axcr5jeqcZ2X4R2kF0hExtcOMCA17w7gsl2tMHOdIniNwpMOJTIue1Fy8CvNddLEilP1HRNpa6zTE2BSlW3PNU9GhBSLr0LCbQq/syZ94ABw6e+6zXfwOvRFDr6VoabaQMf+2c8ZFTKizbecgCXIqjx8ETZh0VZ//4= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZFToRRrXYT7nRWvbfMTG+Hhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wNmoQoAHZdP6U/VvqF1shzlzbajc1AHXg7l8xnT91gCFUxMg7ADMEr7316SnTFUg/DkeItL9jgqZenobr+579isLF7kUjBsuKn/zU2F+shGt1YPlqEBnbtuxGOEY0b9Scf4qq4MaaXY7JyAYzW2Q+irpQZTWgqalO4JIUJo5FhwNYoDBPInKY+DO5AAL2fiGE1g65rIQ3gxA5Kxw7wZi7pCxFN3uPLaOb91wsZOHQfRkOKPzmU1gPgG39UmRzflSz0QUpnmbI4lomwvnJMVc3pJTerfEocccBmP2hNgn9IQ3DCzaYTErDtaEjxBdZMM5H4HskOLb+SRYUP ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/8afbc90b3c676b7a

Targets
Target

872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.sample

MD5

700a4f7ed40dd9ac29891c2ec3d4bef7

Filesize

168KB

Score
10/10
SHA1

1546e3bbe9eb3e6b185097226bb758d98a207429

SHA256

872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f

SHA512

1b615297f445eb4c3909e46191834450191b6e9716a83c380a02db6566dd96431f6e2271c01508d3f271af0b4fbfff31b485e1fc6bf952a4b2177aa41fb65c0a

Tags

Signatures

  • Gandcrab

    Description

    Gandcrab is a Trojan horse that encrypts files on a computer.

    Tags

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File DeletionInhibit System Recovery
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery
  • Sets desktop wallpaper using registry

    Tags

    TTPs

    DefacementModify Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Execution
      Exfiltration
        Initial Access
          Lateral Movement
            Privilege Escalation