General

  • Target

    fe203a249205363de6bb4f0ce01ec351b876383dd562c67f5ee8c763808ce4b0

  • Size

    2.3MB

  • Sample

    221010-ynwbnsdab5

  • MD5

    116a08c0ad1de4cf803fb5fdce387a09

  • SHA1

    208b00d6b01f40133c7a199a0e69aaeb2edb09a9

  • SHA256

    fe203a249205363de6bb4f0ce01ec351b876383dd562c67f5ee8c763808ce4b0

  • SHA512

    3710094261654fd21dfddad56f3ead9948b9caeefbfb009085ec3077c1ba95da28c3fe2bc2db16e7699c432222f4e555d35cd09239b24c4fd45a7b0455528236

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7Chu:ejLuSh3i+FtvkMzT+b

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks