8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4 | Triage

Sharing

General

Target

8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4.exe
Size

1.2MB
Sample

221016-h7mkwahah9
MD5

a36815cebb90bdd7fa089e352653c453
SHA1

550ac30c3b1d84bd0860ce1fab40121b6efa5ae6
SHA256

8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4
SHA512

71655a3f1d5a4ee6f3e258d2f4f2356e1d91bfd96aff9e060cffdfb3e6359e4e521881534a381d3e37a8b5d37ea31f4aa21d31fb274cbf89f7016475f824479d
SSDEEP

24576:lKKKKKKKKKKKKut89TMFZ2qrQHTdocJVZUrK2MtENe:Ut89TMn24QHTdRJVZUrK2MtENe

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4.exe
- Size
  
  1.2MB
- MD5
  
  a36815cebb90bdd7fa089e352653c453
- SHA1
  
  550ac30c3b1d84bd0860ce1fab40121b6efa5ae6
- SHA256
  
  8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4
- SHA512
  
  71655a3f1d5a4ee6f3e258d2f4f2356e1d91bfd96aff9e060cffdfb3e6359e4e521881534a381d3e37a8b5d37ea31f4aa21d31fb274cbf89f7016475f824479d
- SSDEEP
  
  24576:lKKKKKKKKKKKKut89TMFZ2qrQHTdocJVZUrK2MtENe:Ut89TMn24QHTdRJVZUrK2MtENe
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2