Overview

overview

9

Static

static

ecd3b069ea...a3.exe

windows7_x64

9

ecd3b069ea...a3.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3

  • Size

    110KB

  • Sample

    220211-g6hpvsbgd3

  • MD5

    f3443f0a0582171901df76c68c12c11d

  • SHA1

    70e06b78060b8dc09946080dbdd83a2811acff3b

  • SHA256

    ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3

  • SHA512

    14e3d4767b32079fe416cf74c04aa0b3dc5663ceddbb03fb727f9f1b99e9398d0d8c25bd4f8db358284c923d587db42ead3ca2cdb93183991c988198f79c53d7

Score
9/10
persistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3

    • Size

      110KB

    • MD5

      f3443f0a0582171901df76c68c12c11d

    • SHA1

      70e06b78060b8dc09946080dbdd83a2811acff3b

    • SHA256

      ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3

    • SHA512

      14e3d4767b32079fe416cf74c04aa0b3dc5663ceddbb03fb727f9f1b99e9398d0d8c25bd4f8db358284c923d587db42ead3ca2cdb93183991c988198f79c53d7

    Score
    9/10
    persistenceransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks