226d0d0583eea980cafc0f40e447cb7cca92181c2bd7d4097f6eecfcfe811735 | Triage

Sharing

General

Target

226d0d0583eea980cafc0f40e447cb7cca92181c2bd7d4097f6eecfcfe811735
Size

2.4MB
Sample

220520-1w7qsaedb7
MD5

115f654337a669065eb7a16c033c9a8a
SHA1

41e08af362e9622d9e433c728b883fbc59cb4845
SHA256

226d0d0583eea980cafc0f40e447cb7cca92181c2bd7d4097f6eecfcfe811735
SHA512

de3a8dc1bd62426f5948b81174f3d46dbca96ce71690a38cd532f919a958244f2f5d0716cfe2d954d1bb474bf00ddeab19888368532964729c43cfe7f36bb55f

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  226d0d0583eea980cafc0f40e447cb7cca92181c2bd7d4097f6eecfcfe811735
- Size
  
  2.4MB
- MD5
  
  115f654337a669065eb7a16c033c9a8a
- SHA1
  
  41e08af362e9622d9e433c728b883fbc59cb4845
- SHA256
  
  226d0d0583eea980cafc0f40e447cb7cca92181c2bd7d4097f6eecfcfe811735
- SHA512
  
  de3a8dc1bd62426f5948b81174f3d46dbca96ce71690a38cd532f919a958244f2f5d0716cfe2d954d1bb474bf00ddeab19888368532964729c43cfe7f36bb55f
Score

9^/10

persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Sets file execution options in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomwarespywarestealer