General

  • Target

    d4c54da31fbd7eb01f09a6f399d3c5ede4af0cb693b4aff64c6e1393a4f56aa3

  • Size

    7.3MB

  • Sample

    221010-s8amtacfdn

  • MD5

    0e3e395294a548b8ca1f68c6ac12b3b1

  • SHA1

    cbe3abcc09ea80cce026dd0c7f29cbbf8d3f8149

  • SHA256

    d4c54da31fbd7eb01f09a6f399d3c5ede4af0cb693b4aff64c6e1393a4f56aa3

  • SHA512

    797fbd0b3e329877a80c33629b720ea0602144b1c8219cf38a97191071d3e573ebe59093d14b26542d868c965b953386e4fbd30b519434bc49dc0a4cafe07298

  • SSDEEP

    98304:yLu1g9ZGlWrfTZmHqXE9ssD/QjI+1ozfLu1TIRtUOV5Z:yd9JTZksaJ+1orTRt

Malware Config

Targets

    • Target

      d4c54da31fbd7eb01f09a6f399d3c5ede4af0cb693b4aff64c6e1393a4f56aa3

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks