a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5 | Triage

Sharing

General

Target

a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5.exe
Size

584KB
Sample

221016-rjbyxahfd6
MD5

497442b4fe86a26cfcde5c17caaa10f4
SHA1

00ce115e8c2b2e2b9b45aa73fcedebd7a32ef427
SHA256

a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5
SHA512

bd61c707af52d424a3386af4097ed35b32d4ca23ae29aa4409921bdf6a612ecd0805842a75f8d8ac630c69cddac5e2692f45dbf54eaab782c3bce7d5bb9a012e
SSDEEP

1536:ra98My3ia98My3ia98My3ia98My3ia98M:e98My3598My3598My3598My3598M

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5.exe
- Size
  
  584KB
- MD5
  
  497442b4fe86a26cfcde5c17caaa10f4
- SHA1
  
  00ce115e8c2b2e2b9b45aa73fcedebd7a32ef427
- SHA256
  
  a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5
- SHA512
  
  bd61c707af52d424a3386af4097ed35b32d4ca23ae29aa4409921bdf6a612ecd0805842a75f8d8ac630c69cddac5e2692f45dbf54eaab782c3bce7d5bb9a012e
- SSDEEP
  
  1536:ra98My3ia98My3ia98My3ia98My3ia98M:e98My3598My3598My3598My3598M
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2