efb0f928648e6988c29bb03bb6b14f2760870f3040f0195ca1c6ad8ac5fa2dee | Triage

Sharing

General

Target

ransomito.exe
Size

2.1MB
Sample

220603-3yetwsebgk
MD5

f48a1057059028a65f2ec37e90d4deec
SHA1

ca8c5636aa98948c3b25153188b98967cc65a42b
SHA256

efb0f928648e6988c29bb03bb6b14f2760870f3040f0195ca1c6ad8ac5fa2dee
SHA512

57d62b07741effba928c92d39b5bd2dfc9c341b237ab1f83ba33e9cdba079a14bec1bbf63333b18f964e982bc510f615314f4426c258538e5be80f0a36c2b0a2

Score

8^/10

evasion ransomware spyware stealer

Malware Config

Targets

- Target
  
  ransomito.exe
- Size
  
  2.1MB
- MD5
  
  f48a1057059028a65f2ec37e90d4deec
- SHA1
  
  ca8c5636aa98948c3b25153188b98967cc65a42b
- SHA256
  
  efb0f928648e6988c29bb03bb6b14f2760870f3040f0195ca1c6ad8ac5fa2dee
- SHA512
  
  57d62b07741effba928c92d39b5bd2dfc9c341b237ab1f83ba33e9cdba079a14bec1bbf63333b18f964e982bc510f615314f4426c258538e5be80f0a36c2b0a2
Score

8^/10

evasion ransomware spyware stealer
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomwarespywarestealer