18d8ec930dc4f6622c8a097a28ffa4a3ec73fbb0289a6f487d539434f071079a | Triage

Sharing

General

Target

18d8ec930dc4f6622c8a097a28ffa4a3ec73fbb0289a6f487d539434f071079a
Size

995KB
Sample

221016-d7z4ragfbq
MD5

d228c60e17c18754c6e13478cab87d06
SHA1

4e657c82ff7d33d2e740596e7055c5b6d79d2662
SHA256

18d8ec930dc4f6622c8a097a28ffa4a3ec73fbb0289a6f487d539434f071079a
SHA512

7f0ec7849a368a2e9cb3a2a778fd6c5bdc903149bee31af1d5952834f0f11a18fba0c0babc322eaea1e5ed5b7de5fd5ab7a810f08267c662b90a6aac590e6ada
SSDEEP

24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSr04XppcQ9:ejLuSr04TB

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  18d8ec930dc4f6622c8a097a28ffa4a3ec73fbb0289a6f487d539434f071079a
- Size
  
  995KB
- MD5
  
  d228c60e17c18754c6e13478cab87d06
- SHA1
  
  4e657c82ff7d33d2e740596e7055c5b6d79d2662
- SHA256
  
  18d8ec930dc4f6622c8a097a28ffa4a3ec73fbb0289a6f487d539434f071079a
- SHA512
  
  7f0ec7849a368a2e9cb3a2a778fd6c5bdc903149bee31af1d5952834f0f11a18fba0c0babc322eaea1e5ed5b7de5fd5ab7a810f08267c662b90a6aac590e6ada
- SSDEEP
  
  24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSr04XppcQ9:ejLuSr04TB
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2