Overview

overview

9

Static

static

55509a771f...c0.exe

windows7-x64

9

55509a771f...c0.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55509a771fe9e7218e8acd9a9ce5150bd1f21956559dd28213a14266e22583c0.exe

  • Size

    2.6MB

  • Sample

    221006-d22qdsgear

  • MD5

    51aa11d492b16e856d105368839e9105

  • SHA1

    9800d1db47238cffea6d5581b57bab555b6df82d

  • SHA256

    55509a771fe9e7218e8acd9a9ce5150bd1f21956559dd28213a14266e22583c0

  • SHA512

    7385b5eec285d1e1b945555a757c2b055241d913944e32e8384f74da391213e514ada32356ef2a8788b81d5d52d01588e14bcb2a3e83a421db6425b79a999a99

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKa:2jLuSh3i+FtvkMzT+A

Score
9/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      55509a771fe9e7218e8acd9a9ce5150bd1f21956559dd28213a14266e22583c0.exe

    • Size

      2.6MB

    • MD5

      51aa11d492b16e856d105368839e9105

    • SHA1

      9800d1db47238cffea6d5581b57bab555b6df82d

    • SHA256

      55509a771fe9e7218e8acd9a9ce5150bd1f21956559dd28213a14266e22583c0

    • SHA512

      7385b5eec285d1e1b945555a757c2b055241d913944e32e8384f74da391213e514ada32356ef2a8788b81d5d52d01588e14bcb2a3e83a421db6425b79a999a99

    • SSDEEP

      24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKa:2jLuSh3i+FtvkMzT+A

    Score
    9/10
    ransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks