017f8f567c832fd27248bd2d812795adb0a6d1f92a2e91fa08b9eaaf33676c08 | Triage

Sharing

General

Target

CAD.bin.zip
Size

175KB
Sample

220311-trwdmadcbj
MD5

964faa0f1a170358e1d0443aba23af2a
SHA1

403570286a90384e7f9825a912b663e7b6ac130f
SHA256

017f8f567c832fd27248bd2d812795adb0a6d1f92a2e91fa08b9eaaf33676c08
SHA512

c347e843ed844ce2de6a2189ffba610ea2c83a4057d9d389162822dede2e1becb59edca3f9aea7ced2489d0eacde5a014fec414cbf970709285b4154f7669d1d

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
cadransomware@gmail.com
Password:
AAss2288

Targets

- Target
  
  CAD.bin
- Size
  
  261KB
- MD5
  
  1c249309871bae43fe787df7976df355
- SHA1
  
  12da8b967fd7a4a64f3836372430c5862ee24528
- SHA256
  
  8a1d46b80f61c17f62139c1b46be9208e09055e821d8bed59532089fa5b21b48
- SHA512
  
  8127487529543ff3d5240bc4ea7fc3c6dd8f802ea522267c3b73224dfc13bbcac311c521c636f5874306d9694e19d1e71a1b4d25b2ac1c57d1a82d095ce47d73
Score

10^/10

ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer