d2ef074251e3e755883236f01cc367d31a4fb5863ef5077b23bc4b139acc4511 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2ef074251e3e755883236f01cc367d31a4fb5863ef5077b23bc4b139acc4511.exe
Size

4.5MB
Sample

221003-d5x7dafgfp
MD5

fd17e5b4a8c3dec30e5349deb79e8943
SHA1

5027f3dbfc600ef611d72b16d818f34aece4de19
SHA256

d2ef074251e3e755883236f01cc367d31a4fb5863ef5077b23bc4b139acc4511
SHA512

4f7d2e185ce11e9a9142a2d0370f599b01de5efad19d70ece868a75d3a7f3afb1f41fc8d76393359aaed2971dda56d54a4d669afcc56c0f6bc75737c0c60a713
SSDEEP

49152:xjLuSh3i+FtvkMzT+TIRLhd4HOV5ZNt88QulV03OX:5Lu1TIRtUOV5Zv

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  d2ef074251e3e755883236f01cc367d31a4fb5863ef5077b23bc4b139acc4511.exe
- Size
  
  4.5MB
- MD5
  
  fd17e5b4a8c3dec30e5349deb79e8943
- SHA1
  
  5027f3dbfc600ef611d72b16d818f34aece4de19
- SHA256
  
  d2ef074251e3e755883236f01cc367d31a4fb5863ef5077b23bc4b139acc4511
- SHA512
  
  4f7d2e185ce11e9a9142a2d0370f599b01de5efad19d70ece868a75d3a7f3afb1f41fc8d76393359aaed2971dda56d54a4d669afcc56c0f6bc75737c0c60a713
- SSDEEP
  
  49152:xjLuSh3i+FtvkMzT+TIRLhd4HOV5ZNt88QulV03OX:5Lu1TIRtUOV5Zv
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2