f621b54e3fc1bf48b8deb2a7f7e8dc6c80132d887cdc56a5f51af7e595ac8ad9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f621b54e3fc1bf48b8deb2a7f7e8dc6c80132d887cdc56a5f51af7e595ac8ad9
Size

15.1MB
Sample

221015-abkseaehfj
MD5

4179577b334d64ea6d128ab89eeb4811
SHA1

94817c46e17f89398d539d479138c7873418f3a6
SHA256

f621b54e3fc1bf48b8deb2a7f7e8dc6c80132d887cdc56a5f51af7e595ac8ad9
SHA512

06f1d40df937455e1c619f1af64f83be246d5f6706e1c0d82f5a166b46306593fa5735b83fc8537219e4283323d5d50d94c342ae4f6245ada0d81b6b2d01033e
SSDEEP

98304:pLu1g9ZGl52dqV33xAhe2c9DuFJswsDBBqa2ZZzRTC0rBC3FO:pd9s2cxAjAiJsBDBBYFTC0rBC3s

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  f621b54e3fc1bf48b8deb2a7f7e8dc6c80132d887cdc56a5f51af7e595ac8ad9
- Size
  
  15.1MB
- MD5
  
  4179577b334d64ea6d128ab89eeb4811
- SHA1
  
  94817c46e17f89398d539d479138c7873418f3a6
- SHA256
  
  f621b54e3fc1bf48b8deb2a7f7e8dc6c80132d887cdc56a5f51af7e595ac8ad9
- SHA512
  
  06f1d40df937455e1c619f1af64f83be246d5f6706e1c0d82f5a166b46306593fa5735b83fc8537219e4283323d5d50d94c342ae4f6245ada0d81b6b2d01033e
- SSDEEP
  
  98304:pLu1g9ZGl52dqV33xAhe2c9DuFJswsDBBqa2ZZzRTC0rBC3FO:pd9s2cxAjAiJsBDBBYFTC0rBC3s
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2