8dd8b9bd94de1e72f0c400c5f32dcefc114cc0a5bf14b74ba6edc19fd4aeb2a5 | Triage

Sharing

General

Target

8dd8b9bd94de1e72f0c400c5f32dcefc114cc0a5bf14b74ba6edc19fd4aeb2a5.zip
Size

236KB
Sample

220322-pfgnwabdgn
MD5

989c5de8ce5ca07cc2903098031c7134
SHA1

73581818a30d3fb3e1f9e37de0c3eb55bfc0c236
SHA256

8dd8b9bd94de1e72f0c400c5f32dcefc114cc0a5bf14b74ba6edc19fd4aeb2a5
SHA512

7d1f2ff63b312019f047d68a81bb38b737507a43816aa576c385c4f15809fcd924003c0b7a8bc5a3c0ddb5040297de02b30cc7da753b353ba1543539bef7f3b0

Score

8^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  cpcrs.exe
- Size
  
  419KB
- MD5
  
  7d20fa01a703afa8907e50417d27b0a4
- SHA1
  
  320116162d78afb8e00fd972591479a899d3dfee
- SHA256
  
  3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe
- SHA512
  
  0dcebe2598e6ccb51f0609831c93071421049eb924f83871e95c5a280af0d2e76630dfc47c5a2780eb18d55ee9690d6c83aabd8f1043cc2cdc21d9fe5425b892
Score

8^/10

persistence ransomware spyware stealer
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  csrss.exe
- Size
  
  412KB
- MD5
  
  b4f0ca61ab0c55a542f32bd4e66a7dc2
- SHA1
  
  43b3d5ffae55116c68c504339c5d953ca25c0e3f
- SHA256
  
  30b3cbe8817ed75d8221059e4be35d5624bd6b5dc921d4991a7adc4c3eb5de4a
- SHA512
  
  9135c8ea4a786b789477e892cf117274f897ead370c732f4f4c442cff91467fc9aea33239032314130dc09bdaf7230ffe2f71a0dc1e8fce793d1b7ff93b4ae3e
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

ransomwarespywarestealer

behavioral3

behavioral4