General

  • Target

    fa0ce9d9ca1e998d122a73e77bde12ddbba9a5bb76ba059439f3a184e791e786.exe

  • Size

    8.7MB

  • Sample

    221010-ynnltsdab3

  • MD5

    9aeb1387c3ff3da7224b1c90b0127867

  • SHA1

    0cb760258b1d08850d852b2414f9e3878e3827b9

  • SHA256

    fa0ce9d9ca1e998d122a73e77bde12ddbba9a5bb76ba059439f3a184e791e786

  • SHA512

    20d28cc40e20f6d9cbb0475a7ab599005bd6fd8f48aae5fd5e5a71862f424147bc077a2050a47ba0a597ad069e6976dbacd8fc078061dc0c83ec7494d49a3f30

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3Dkd:NjLuSh3

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks