General

  • Target

    9926760e1f528db5d56b7406049ee0d82dd7352a31e7a14530ad7d9ee3677bbc

  • Size

    1006KB

  • Sample

    221015-cmwp6afad9

  • MD5

    d8860775ddc4d4d47b3641e9f6b86a1a

  • SHA1

    1f4abe324caf24396a3c7d384ccc93a051461c0f

  • SHA256

    9926760e1f528db5d56b7406049ee0d82dd7352a31e7a14530ad7d9ee3677bbc

  • SHA512

    ab737968a7664a6e2e6afbc677edde64a03c5ff198e6664b341d3627fb2abf5d79a3ca1ff7f67ea79135d0d87cf9bd787ca6298a372add8396635d7e453824e5

  • SSDEEP

    24576:lKKKKKKKKsxr4cQFTj0OZeVJ904XppcQ9:eqcQFTIOZeN04TB

Malware Config

Targets

    • Deletes shadow copies

      Ransomware commonly removes Volume Shadow Copies and other backups to inhibit system recovery.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (refuse to run in certain locales).

    • Drops startup file

      Writes a file into a Startup folder so it is launched again at logon.

    • Reads user/profile data of web browsers

      Infostealers often harvest browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes.
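The five behavioural signatures above can be reproduced as simple rules over sandbox telemetry. The block below is an added example written for this page, not the sandbox's own signature engine; the events are constructed, and the registry key it treats as the "country code" (HKCU\Control Panel\International\Geo\Nation) and the ATT&CK technique IDs (taken from the current matrix, not the v6 mapping the report uses) are my assumptions.

```python
"""Re-implement the report's behavioural signatures as rules over sandbox-style events.

Added example for this page; not the sandbox's own code. Events below are constructed.
"""
import re
from collections import defaultdict

# Constructed telemetry (not from the report): one dict per process/registry/file event.
EVENTS = [
    {"type": "process", "pid": 1204, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "pid": 1210, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    # Assumption: the country code is read from the GeoID value under this key.
    {"type": "registry", "op": "read",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file", "op": "create",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"},
    {"type": "file", "op": "read",
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "op": "create", "path": r"E:\autorun.inf"},
    {"type": "file", "op": "create", "path": r"C:\Users\Admin\Desktop\readme.txt"},  # benign control
]

# Command lines that remove shadow copies / backup catalogs.
SHADOW_RE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)|diskshadow)",
    re.IGNORECASE,
)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
BROWSER_RE = re.compile(
    r"\\(Google\\Chrome\\User Data|Microsoft\\Edge\\User Data|Mozilla\\Firefox\\Profiles)\\",
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"(^|\\)autorun\.inf$", re.IGNORECASE)

# (signature name as printed in the report, assumed ATT&CK technique, predicate over one event)
RULES = [
    ("Deletes shadow copies", "T1490",
     lambda e: e["type"] == "process" and bool(SHADOW_RE.search(e["cmdline"]))),
    ("Checks computer location settings", "T1614",
     lambda e: e["type"] == "registry" and e["op"] == "read"
     and bool(GEO_KEY_RE.search(e["key"])) and e["value"].lower() == "nation"),
    ("Drops startup file", "T1547.001",
     lambda e: e["type"] == "file" and e["op"] in ("create", "write")
     and bool(STARTUP_RE.search(e["path"]))),
    ("Reads user/profile data of web browsers", "T1555.003",
     lambda e: e["type"] == "file" and e["op"] == "read" and bool(BROWSER_RE.search(e["path"]))),
    ("Drops autorun.inf file", "T1091",
     lambda e: e["type"] == "file" and e["op"] in ("create", "write")
     and bool(AUTORUN_RE.search(e["path"]))),
]


def match_signatures(events):
    """Return {signature name: [events that triggered it]} for every rule that fired."""
    hits = defaultdict(list)
    for ev in events:
        for name, _tid, pred in RULES:
            if pred(ev):
                hits[name].append(ev)
    return dict(hits)


def technique_for(name):
    """Look up the assumed ATT&CK technique ID for a signature name."""
    return next(tid for n, tid, _ in RULES if n == name)


if __name__ == "__main__":
    for name, evs in match_signatures(EVENTS).items():
        print(f"{name} [{technique_for(name)}]: {len(evs)} event(s)")
```

Each rule is deliberately narrow (a command line, a registry key plus value name, a path prefix); the benign readme.txt write matches nothing, which is the property you want before pointing such rules at real EDR telemetry.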

MITRE ATT&CK Enterprise v6

Tasks