General

  • Target

    56c2d7be3210f307818ae46f36621c39ecdd34ee8e257d49d1e348d82eac9ab1.exe

  • Size

    9.1MB

  • Sample

    221012-jyvessdaa5

  • MD5

    b812599e422e43884d82d78291f85c11

  • SHA1

    d4c179b0bfb8adceccdbad168dd662738fad770e

  • SHA256

    56c2d7be3210f307818ae46f36621c39ecdd34ee8e257d49d1e348d82eac9ab1

  • SHA512

    7052eb0da72cca982d142af79379f0d2f7623a154184dc1b8b7842abf26de3097bea635b25b4eed76e3529ade75cf8a411232db7b20f5328b6dad75c15685c5a

  • SSDEEP

    98304:+Lu1TIRlClurxUTkCOS20BYql7x+oZHcV4i/kgE7/FG4l7zP3u+0xZHcV4i/kgEo:+TRscqG0vGfLgAtjpA

Targets

    • Target

      56c2d7be3210f307818ae46f36621c39ecdd34ee8e257d49d1e348d82eac9ab1.exe

    • Deletes shadow copies

      Ransomware often deletes Volume Shadow Copies and other local backups so that the victim cannot roll back encrypted files without an offline backup.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence that skips execution on machines in particular regions.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at the next logon, a common persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often read browser profile databases, which can include saved credentials, cookies and form data.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Current Windows versions do not honour autorun.inf on removable media by default, but the dropped file remains a strong indicator of worm-style propagation.
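The five behaviours above are the kind of thing an analyst wants to re-find in their own telemetry rather than take from the sandbox verdict alone. The following script is an added example, not code from the sandbox or from this report: it walks a constructed, sandbox-style event trace (process launches, file reads/writes and registry reads, a schema assumed here for illustration) and returns which of the report's signature names it can corroborate. The command-line patterns, the Startup-folder and browser-profile paths, and the two registry locations treated as "location settings" (HKLM ...\Control\Nls\Locale and HKCU\Control Panel\International\Geo) are the author's assumptions about what each signature looks for, not the sandbox's own rules.

```python
# Added example (not from the sandbox report): corroborate the report's
# behaviour signatures against a constructed, sandbox-style event trace.
import re

# Process command lines that remove Volume Shadow Copies (inhibit recovery).
SHADOW_COPY_DELETE = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"win32_shadowcopy\b.*\b(?:delete|remove-wmiobject)\b", re.I),
]
# Per-user or all-users Startup folder: anything written here runs at logon.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.I)
# autorun.inf written to the root of a volume.
AUTORUN_INF = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
# Chromium/Firefox profile files holding credentials, cookies and form data.
BROWSER_PROFILE = re.compile(
    r"\\(?:google\\chrome|microsoft\\edge|mozilla\\firefox)\\.*"
    r"\\(?:login data|cookies|web data|logins\.json|key4\.db)$", re.I)
# Registry keys carrying the machine's locale / country (assumed locations).
LOCATION_KEYS = re.compile(
    r"(?:\\control\\nls\\locale$|\\control panel\\international\\geo$)", re.I)


def match_signatures(events):
    """Return the sorted, distinct signature names corroborated by `events`.

    Each event is a dict with a 'kind' of 'process', 'file_write',
    'file_read' or 'registry_read' plus the field that kind needs
    ('cmdline', 'path' or 'key'). Unknown kinds are ignored.
    """
    hits = set()
    for ev in events:
        kind = ev.get("kind")
        if kind == "process":
            cmd = ev.get("cmdline", "")
            if any(p.search(cmd) for p in SHADOW_COPY_DELETE):
                hits.add("Deletes shadow copies")
        elif kind == "file_write":
            path = ev.get("path", "")
            if STARTUP_DIR.search(path):
                hits.add("Drops startup file")
            if AUTORUN_INF.match(path):
                hits.add("Drops autorun.inf file")
        elif kind == "file_read":
            if BROWSER_PROFILE.search(ev.get("path", "")):
                hits.add("Reads user/profile data of web browsers")
        elif kind == "registry_read":
            if LOCATION_KEYS.search(ev.get("key", "")):
                hits.add("Checks computer location settings")
    return sorted(hits)


# Constructed trace for illustration; not taken from the sandbox run.
SAMPLE_TRACE = [
    {"kind": "registry_read",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale"},
    {"kind": "registry_read",
     "key": r"HKCU\Control Panel\International\Geo"},
    {"kind": "process",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet'},
    {"kind": "process",
     "cmdline": r"C:\Windows\System32\wbem\WMIC.exe shadowcopy delete"},
    {"kind": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_write",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"},
    {"kind": "file_write", "path": r"E:\autorun.inf"},
    {"kind": "file_write", "path": r"C:\Users\alice\Desktop\readme.txt"},
    {"kind": "process", "cmdline": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print(name)
```

The patterns are deliberately narrow (a full path ending in autorun.inf at a drive root, a write directly inside a Startup folder) so that a hit means the same thing the sandbox signature means; widen them only with a matching look at what benign software on the estate does, since installers legitimately write Startup entries and backup tooling legitimately touches shadow copies.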
