General

  • Target

    ef2b6e8fe6af972f9723719a7b747b7f91febe8759c8a3a996783e82707377d1.exe

  • Size

    4.9MB

  • Sample

    221006-jbs88agfb6

  • MD5

    681c4f58b5a682d8d7e9c1e3c9e3142d

  • SHA1

    603a368d3746b4db87c8058ee03e53bc354cc5c8

  • SHA256

    ef2b6e8fe6af972f9723719a7b747b7f91febe8759c8a3a996783e82707377d1

  • SHA512

    fe7c35c46160f3ed5f663c776afb824ae26d418e0a90b979345042c05ee4cc76651364fa56a327d1b8bbd8e227d820fe1f2c7b07bba2755fc811b82263979f0c

  • SSDEEP

    49152:ijLuSh3i+FtvkMzT+TIRLhd4HOV5ZNt88QulV03O8yuoCrfEb:+Lu1TIRtUOV5Z0PfEb
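Before detonating or reversing a copy of this sample, confirm that the file you hold is the one the report describes. The script below is an added example for this page, not tooling from the sandbox that produced the report: it computes the four exact digests listed above and compares them, and it checks that the file name (sandbox corpora usually name a sample by its SHA256) agrees with the content. hashlib cannot compute SSDEEP, so that value is left out, and the demo runs on a constructed byte string rather than the real 4.9MB executable.

```python
"""Check that a sample on disk is the one this report describes.

Added example written for this page, not tooling from the sandbox that produced
the report. REPORT copies the digests listed above; the sample itself is not
reproduced here, so the demo at the bottom runs on a constructed stand-in.
"""
import hashlib
import os

# Digests copied from the report's General section. SSDEEP is a fuzzy hash that
# hashlib does not implement, so it is deliberately left out of this exact check.
REPORT = {
    "md5": "681c4f58b5a682d8d7e9c1e3c9e3142d",
    "sha1": "603a368d3746b4db87c8058ee03e53bc354cc5c8",
    "sha256": "ef2b6e8fe6af972f9723719a7b747b7f91febe8759c8a3a996783e82707377d1",
    "sha512": "fe7c35c46160f3ed5f663c776afb824ae26d418e0a90b979345042c05ee4cc76651364fa56a327d1b8bbd8e227d820fe1f2c7b07bba2755fc811b82263979f0c",
}


def digests(data: bytes) -> dict:
    """Compute every digest named in REPORT over an in-memory sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streams the file so a large sample is not read into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Names of digests in `expected` that `actual` does not reproduce (case-insensitive)."""
    return sorted(name for name, value in expected.items()
                  if actual.get(name, "").lower() != value.lower())


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """The report names the target by its SHA256; confirm the name and the content agree."""
    stem, _ext = os.path.splitext(os.path.basename(filename))
    return stem.lower() == sha256.lower()


if __name__ == "__main__":
    # Constructed stand-in for the sample (not the real file), so every digest differs.
    stand_in = b"MZ\x90\x00 constructed stand-in, not the reported sample"
    print("mismatching digests:", mismatches(digests(stand_in), REPORT))
    print("name agrees with sha256:",
          name_matches_sha256(
              "ef2b6e8fe6af972f9723719a7b747b7f91febe8759c8a3a996783e82707377d1.exe",
              REPORT["sha256"]))
```

Use `digests_of_file(path)` in place of `digests(...)` for the real sample; any non-empty result from `mismatches()` means the copy is not the reported artifact (truncated download, re-packed build or a different file renamed to the same SHA256).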

Targets

    • Target

      ef2b6e8fe6af972f9723719a7b747b7f91febe8759c8a3a996783e82707377d1.exe

    • Deletes shadow copies

      The sample deletes Volume Shadow Copy snapshots. Ransomware commonly does this to destroy local backups and inhibit system recovery, so that encrypted files cannot be restored from the previous versions Windows keeps.

    • Checks computer location settings

      The sample reads the country code configured in the registry (the per-user locale and geo settings under Control Panel\International). This is most likely a geofence: malware commonly reads this value to refuse to run on systems located in particular countries.

    • Drops startup file

      A file is written to a Startup folder, so it is executed automatically at the next user logon. This is a persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, autofill data and browsing history.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread to attached or removable volumes by writing an autorun.inf file to their root. Note that AutoRun from removable media has been disabled by default since Windows 7, so this only works against older or reconfigured systems.
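The signatures listed above are behavioural rules that the sandbox matched against recorded events. As an added example for this page, not the sandbox's own rules, the script below re-implements them as plain regex checks over a constructed list of Sysmon-style events, one event per signature plus one benign process. The event field names, the registry key Control Panel\International\Geo\Nation and the browser file names are assumptions about what such a monitor records.

```python
"""Re-implement the report's behavioural signatures as checks over monitor events.

Added example for this page, not the sandbox vendor's own rules. The event format
(a list of dicts with a "type" field) and SAMPLE_EVENTS are constructed for the
demo; the registry key and the file names are assumptions about what an endpoint
or sandbox monitor would record.
"""
import re

# Deletes shadow copies: match on the command line rather than the image name,
# because ransomware usually launches these tools through cmd.exe or PowerShell.
SHADOW_DELETE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]
# Checks computer location settings: the GeoID value the sample reads (assumed key).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
# Drops startup file: anything written under a per-user or all-users Startup folder.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Drops autorun.inf file: written to the root of any volume.
AUTORUN_INF = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
# Reads user/profile data of web browsers: Chromium and Firefox credential stores.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)


def classify(events):
    """Return the sorted list of signature names triggered by a list of events."""
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "process" and any(p.search(ev["cmdline"]) for p in SHADOW_DELETE):
            hits.add("Deletes shadow copies")
        elif kind == "registry_read" and GEO_KEY.search(ev["key"]):
            hits.add("Checks computer location settings")
        elif kind == "file_write" and STARTUP_DIR.search(ev["path"]):
            hits.add("Drops startup file")
        elif kind == "file_write" and AUTORUN_INF.search(ev["path"]):
            hits.add("Drops autorun.inf file")
        elif kind == "file_read" and BROWSER_DATA.search(ev["path"]):
            hits.add("Reads user/profile data of web browsers")
    return sorted(hits)


# Constructed events: one per signature in the report, plus a benign process.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "cmdline": "cmd.exe /c bcdedit /set {default} recoveryenabled No"},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"type": "file_read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_write", "path": r"E:\autorun.inf"},
    {"type": "process", "cmdline": r"notepad.exe C:\Users\victim\readme.txt"},
]

if __name__ == "__main__":
    for name in classify(SAMPLE_EVENTS):
        print("matched:", name)
```

The checks are deliberately narrow: `vssadmin list shadows` or a read of the Startup folder does not fire, which keeps the false-positive rate low when the same rules are run over telemetry from a real endpoint rather than a sandbox.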

MITRE ATT&CK Enterprise v6