General

  • Target

    463537c6d3b92fb75c270f14bec4e035c34d24b7bb7107399484e8f0b3107f4f

  • Size

    5.7MB

  • Sample

    221014-ns449sddal

  • MD5

    2401b74a8dab98375a6a5b41691e5e91

  • SHA1

    8a84484ef038527a9214e38dd79a9d86acdba351

  • SHA256

    463537c6d3b92fb75c270f14bec4e035c34d24b7bb7107399484e8f0b3107f4f

  • SHA512

    a9402fd06d73bb367bf302522109ef43804add8fead75b4d973c26e0fc7b622896891129d5f85e01249af4087538aa59a72e9411c8f1d9adeb9bb3f691211fad

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3Dkd9+ZDd3vt:RjLuSh3i+FtvkMzT+3HfOG

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks