ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4 | Triage

Sharing

General

Target

ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4
Size

442KB
Sample

221003-xde19sbbh7
MD5

67745e5268513ec80e8c56f95fe9e340
SHA1

44e40f02fa8a0dee253585127d5ac8d6c21ba2b5
SHA256

ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4
SHA512

4dfed708a9d1e0a10d949a35a78ef74e826c0c1431628a7ab2bf9d3072c3be14d056e6ab36acb0e5bb199812355db8816e39c071b5672ec6ec91738110237bb6
SSDEEP

12288:I+oxj7Ch3Z5OV1qUC9QBAZNxeIZMorCaD1:I+o9qJ5OO6KZNxeIZMorCO

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4
- Size
  
  442KB
- MD5
  
  67745e5268513ec80e8c56f95fe9e340
- SHA1
  
  44e40f02fa8a0dee253585127d5ac8d6c21ba2b5
- SHA256
  
  ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4
- SHA512
  
  4dfed708a9d1e0a10d949a35a78ef74e826c0c1431628a7ab2bf9d3072c3be14d056e6ab36acb0e5bb199812355db8816e39c071b5672ec6ec91738110237bb6
- SSDEEP
  
  12288:I+oxj7Ch3Z5OV1qUC9QBAZNxeIZMorCaD1:I+o9qJ5OO6KZNxeIZMorCO
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencetrojan