General

  • Target

    3ebc5cfd9206f43fb1e8dbdefd31fb7281a4afe387f6721783636fe29cb06da9.exe

  • Size

    76KB

  • Sample

    221016-h9fv4sghhl

  • MD5

    dfc3a72d75303809ec9a703911baa403

  • SHA1

    5e5e7facefac00bc390c820fc56f16462e3b1dbf

  • SHA256

    3ebc5cfd9206f43fb1e8dbdefd31fb7281a4afe387f6721783636fe29cb06da9

  • SHA512

    55b67530ff0caa29794ffb46fdb0967bb637bf5e67cdd0efacca2dc38a7602d61fe8cf66200a67418833191918a2979969f5ed6b728a2e89575caeb8359e81ac

  • SSDEEP

    1536:ra98My3ia98My3ia98My3ia98My3ia98My3ia98My3ia98My3d:e98My3598My3598My3598My3598My35H
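A practitioner who has a copy of the file will want to confirm it is the same artefact before trusting this report. The following is an added example (not part of the report or of the sandbox's own tooling) that computes the four listed digests in a single pass, compares them case-insensitively with the report's values, splits the SSDEEP signature into its block size and chunk strings, and checks that the block size is consistent with the reported 76KB using ssdeep's initial block-size rule (start at 3, double until block_size * 64 covers the file). The repeated "a98My3" run in the chunk string also tells you that most of the file is the same block content repeated. The sample bytes in `__main__` are constructed; `REPORT_DIGESTS` and `REPORT_SSDEEP` are copied from the General section.

```python
"""Verify a local sample against the digests in this report.

Added example; the expected values are the report's own, the sample
bytes fed in under __main__ are constructed for illustration.
"""
import hashlib

REPORT_DIGESTS = {  # copied from the General section of the report
    "md5": "dfc3a72d75303809ec9a703911baa403",
    "sha1": "5e5e7facefac00bc390c820fc56f16462e3b1dbf",
    "sha256": "3ebc5cfd9206f43fb1e8dbdefd31fb7281a4afe387f6721783636fe29cb06da9",
    "sha512": "55b67530ff0caa29794ffb46fdb0967bb637bf5e67cdd0efacca2dc38a7602d6"
              "1fe8cf66200a67418833191918a2979969f5ed6b728a2e89575caeb8359e81ac",
}
REPORT_SSDEEP = ("1536:ra98My3ia98My3ia98My3ia98My3ia98My3ia98My3ia98My3d"
                 ":e98My3598My3598My3598My3598My35H")
REPORT_SIZE_BYTES = 76 * 1024  # report lists 76KB


def digest_stream(chunks):
    """Feed every chunk to all four hashers in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, block_size=1 << 20):
    """Hash a file from disk without loading it whole into memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(block_size), b""))


def verify(actual, expected=REPORT_DIGESTS):
    """Return the algorithms whose digest differs from the report (empty == match)."""
    return sorted(name for name, want in expected.items()
                  if actual.get(name, "").lower() != want.lower())


def parse_ssdeep(sig):
    """Split 'blocksize:chunk:doublechunk' into (int, str, str)."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


def initial_blocksize(size):
    """ssdeep's starting block size: 3, doubled until 64 blocks cover the file."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(sig, size):
    """True when the signature's block size is what ssdeep picks for a file of this size."""
    return parse_ssdeep(sig)[0] == initial_blocksize(size)


if __name__ == "__main__":
    # Constructed stand-in bytes: a repeated pattern, like the SSDEEP suggests.
    fake_sample = [b"A" * 4096] * 19
    digests = digest_stream(fake_sample)
    print("mismatching algorithms:", verify(digests))
    bs, chunk, double = parse_ssdeep(REPORT_SSDEEP)
    print("ssdeep block size", bs, "chunk", chunk[:16] + "...")
    print("block size consistent with 76KB:",
          ssdeep_consistent_with_size(REPORT_SSDEEP, REPORT_SIZE_BYTES))
```

Run `digest_file("<path to sample>")` and pass the result to `verify`; an empty list means every listed digest matched. A mismatch in only one algorithm usually means a transcription error in the IOC source rather than a different file.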

Malware Config

Targets

    • Target

      3ebc5cfd9206f43fb1e8dbdefd31fb7281a4afe387f6721783636fe29cb06da9.exe


    • Deletes shadow copies

      Ransomware often deletes Volume Shadow Copies and other local backups to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample does not run in certain locales.

    • Drops startup file

      A file written to a Startup folder is executed at every logon, a simple persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Note that AutoRun from non-optical removable media has been disabled on patched Windows since 2011, so this spreads only to unpatched or misconfigured hosts.
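Each of the five signatures above is derived from a small number of sandbox events (a process creation, a registry read, a file write or read). The following is an added example, not Triage's signature code, that re-derives all five from a constructed event stream so the mapping from raw behaviour to signature name is visible. The event schema (`type`, `cmdline`, `key`, `path`) is invented for the example; the registry location assumed for the country-code lookup (`HKCU\Control Panel\International\Geo`), the Chromium profile file names and the recovery-disabling command lines are general Windows facts, not taken from this report.

```python
"""Re-derive the report's behaviour signatures from sandbox-style events.

Added example with a constructed event schema; the sample events below
are made up for illustration and are not from this sample's sandbox run.
"""
import re

# Command lines that remove or disable Windows recovery data.
SHADOW_COPY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
]
# Assumed location of the configured country code (geofence check).
GEO_KEY = r"hkcu\control panel\international\geo"
# Per-user and all-users Startup folders share this path suffix.
STARTUP_DIR = r"\start menu\programs\startup"
# Chromium-family profile files holding credentials, cookies and autofill.
BROWSER_FILES = ("login data", "cookies", "web data")

ALL_SIGNATURES = {
    "Deletes shadow copies",
    "Checks computer location settings",
    "Drops startup file",
    "Reads user/profile data of web browsers",
    "Drops autorun.inf file",
}


def _norm_reg(key):
    """Lower-case and shorten hive names so HKEY_CURRENT_USER and HKCU compare equal."""
    return (key.lower()
            .replace("hkey_current_user", "hkcu")
            .replace("hkey_local_machine", "hklm"))


def _basename(path):
    """Last path component, lower-cased, accepting either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_signatures(events):
    """Return the set of signature names triggered by an event list."""
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            if any(p.search(ev["cmdline"]) for p in SHADOW_COPY_PATTERNS):
                hits.add("Deletes shadow copies")
        elif kind == "registry_read":
            if _norm_reg(ev["key"]).startswith(GEO_KEY):
                hits.add("Checks computer location settings")
        elif kind == "file_write":
            if STARTUP_DIR in ev["path"].lower():
                hits.add("Drops startup file")
            if _basename(ev["path"]) == "autorun.inf":
                hits.add("Drops autorun.inf file")
        elif kind == "file_read":
            if _basename(ev["path"]) in BROWSER_FILES:
                hits.add("Reads user/profile data of web browsers")
    return hits


# Constructed events, one per signature plus a benign process.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "registry_read",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"},
    {"type": "file_read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_write", "path": r"E:\autorun.inf"},
    {"type": "process", "cmdline": r"notepad.exe C:\readme.txt"},
]
BENIGN_EVENTS = [
    {"type": "process", "cmdline": r"notepad.exe C:\readme.txt"},
    {"type": "file_read", "path": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_EVENTS)):
        print("triggered:", name)
    print("benign run triggers:", match_signatures(BENIGN_EVENTS) or "nothing")
```

The same matcher applied to EDR telemetry rather than a sandbox trace gives a first-pass hunt: the shadow-copy patterns in particular are worth alerting on in production, since legitimate administration rarely runs `vssadmin delete shadows` with `/all /quiet`.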

MITRE ATT&CK Enterprise v6

Tasks