ced57d8f3dd62f145a1a8a0ff80e0c88e3f12029bdce46c8ef289868738b613c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ced57d8f3dd62f145a1a8a0ff80e0c88e3f12029bdce46c8ef289868738b613c
Size

8.0MB
Sample

221015-c5bspsfbap
MD5

736a5e28a306c42c91554a4fb7e7f378
SHA1

0ac2ee2e6a84d30f27750afaa89b61f25f9970d4
SHA256

ced57d8f3dd62f145a1a8a0ff80e0c88e3f12029bdce46c8ef289868738b613c
SHA512

428fef9f927e0f904c8be91cf048c2c39018b65a2d6fe5aa69b3a8246a20ac3b807bd1ca270f0e2a017a2d0af5c3cf4d7b78b21cc23aff738d57b58a1a2d1c10
SSDEEP

98304:eLu1g9ZGlWrfTZmHqXE9ssD/QjI+1ozfLu1TIRtUOV5ZHZ7OV5Z:ed9JTZksaJ+1orTRt

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  ced57d8f3dd62f145a1a8a0ff80e0c88e3f12029bdce46c8ef289868738b613c
- Size
  
  8.0MB
- MD5
  
  736a5e28a306c42c91554a4fb7e7f378
- SHA1
  
  0ac2ee2e6a84d30f27750afaa89b61f25f9970d4
- SHA256
  
  ced57d8f3dd62f145a1a8a0ff80e0c88e3f12029bdce46c8ef289868738b613c
- SHA512
  
  428fef9f927e0f904c8be91cf048c2c39018b65a2d6fe5aa69b3a8246a20ac3b807bd1ca270f0e2a017a2d0af5c3cf4d7b78b21cc23aff738d57b58a1a2d1c10
- SSDEEP
  
  98304:eLu1g9ZGlWrfTZmHqXE9ssD/QjI+1ozfLu1TIRtUOV5ZHZ7OV5Z:ed9JTZksaJ+1orTRt
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2