General

  • Target

    a038550b84921c092cb4bbaf4cd9e6ff2183b6e866a6f7b1d62403afa042110a

  • Size

    86KB

  • Sample

    220731-hx1dzsdhb6

  • MD5

    a3bd9be795f3bb86cc5f9cfdafe63174

  • SHA1

    1e74684bdbafb21b4a742ab436f2372dd87e2c10

  • SHA256

    a038550b84921c092cb4bbaf4cd9e6ff2183b6e866a6f7b1d62403afa042110a

  • SHA512

    7220c614c7d42f563e0d9777a4dd8023430e53eb4aa3e260668545999051f46ea64a267694da734cba553a4716923b72d5d74867014211a744faf064f23a23f7

Malware Config

  • Extracted

    Family: pony

    C2: http://spiko2004.ru/api/index.php

Targets

    • Target

      a038550b84921c092cb4bbaf4cd9e6ff2183b6e866a6f7b1d62403afa042110a

    • Size

      86KB

    • MD5

      a3bd9be795f3bb86cc5f9cfdafe63174

    • SHA1

      1e74684bdbafb21b4a742ab436f2372dd87e2c10

    • SHA256

      a038550b84921c092cb4bbaf4cd9e6ff2183b6e866a6f7b1d62403afa042110a

    • SHA512

      7220c614c7d42f563e0d9777a4dd8023430e53eb4aa3e260668545999051f46ea64a267694da734cba553a4716923b72d5d74867014211a744faf064f23a23f7

    • CrypVault

      Ransomware family which makes encrypted files look like they have been quarantined by AV.

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks