d243a342c76ea5b9d9c37671f1ea3260d637a553945037781f71d9973cecc0d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d243a342c76ea5b9d9c37671f1ea3260d637a553945037781f71d9973cecc0d1
Size

489KB
Sample

221002-yap8hahddr
MD5

546554152709f074e953574b2f8fc230
SHA1

b694e2efbf05dcb8ebe4cf184f1553732522026f
SHA256

d243a342c76ea5b9d9c37671f1ea3260d637a553945037781f71d9973cecc0d1
SHA512

cf45eabec73079377704b0c72ceb2835edc247acfa35bc4f0bfae0d6ca1e4833cb2c90bcabea2ad0e05f59cb84a6e94b4024feab707fc0f2ee9e8c004d3556f4
SSDEEP

12288:VG9Or/XvReObFLnbJjUYP83kkS4Adhlp3H5jAcm:VC6XvR1bFLnbJ9P83kkS4Slt5jNm

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  d243a342c76ea5b9d9c37671f1ea3260d637a553945037781f71d9973cecc0d1
- Size
  
  489KB
- MD5
  
  546554152709f074e953574b2f8fc230
- SHA1
  
  b694e2efbf05dcb8ebe4cf184f1553732522026f
- SHA256
  
  d243a342c76ea5b9d9c37671f1ea3260d637a553945037781f71d9973cecc0d1
- SHA512
  
  cf45eabec73079377704b0c72ceb2835edc247acfa35bc4f0bfae0d6ca1e4833cb2c90bcabea2ad0e05f59cb84a6e94b4024feab707fc0f2ee9e8c004d3556f4
- SSDEEP
  
  12288:VG9Or/XvReObFLnbJjUYP83kkS4Adhlp3H5jAcm:VC6XvR1bFLnbJ9P83kkS4Slt5jNm
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan