General

  • Target

    054e2766c4ae75f4409bab3180a52df905175f000aa5bea57b154b8c7b7a616e

  • Size

    747KB

  • Sample

    221015-abf48aehep

  • MD5

    c42bdefd036a91f73c22dfa49e7346ff

  • SHA1

    78afa38da28807dd6bbf78b1d24f1e2b5b0c42e1

  • SHA256

    054e2766c4ae75f4409bab3180a52df905175f000aa5bea57b154b8c7b7a616e

  • SHA512

    0141b041d3bcf4663511e99df92b063ae7b84eb61e8a66c8f8181133082ed7c9ebee790b6aaa491067ceda8e61f3c8625ad2e1c256b7335fd929f2ccadce33f0

  • SSDEEP

    6144:e98L598L598L598BEbS89TBqzyfmbOv56MiwU2UpJgt6cHezPZh50HdLLmlFgOa4:lKKut89Ts7bjJkIzP3+LmlmF3c

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks