General

  • Target

    aab9daae6d362b1b883d1c2aa26a80692fba1144b40fe21eb45bdcd3a7ffb1f2.exe

  • Size

    6.1MB

  • Sample

    221016-syaj3ahfem

  • MD5

    9ace7c843f57491505625bf02892c81e

  • SHA1

    5ff5b497005d56517bbd89419c8c29765a87123e

  • SHA256

    aab9daae6d362b1b883d1c2aa26a80692fba1144b40fe21eb45bdcd3a7ffb1f2

  • SHA512

    8e9f34f2699ef1f9c1d75fc471209335f270a800a9d7ab739450996415f58799525ae941286abe9380c331fb603fecc5d10f6393fc3ac81851570cce81434420

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKX:tjLuSh3i+Ftv

Malware Config

Targets

    • Deletes shadow copies

      Volume shadow copies are Windows' local restore points; ransomware commonly deletes them so that encrypted files cannot be recovered without external backups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check that decides whether the payload runs on this host.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
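The five behaviour signatures above are the kind of thing a responder wants to re-check in their own host telemetry rather than trust a sandbox verdict alone. The following is an added example, not part of the sandbox report or of any vendor's signature set: it encodes each listed behaviour as a rule over Sysmon-style events and runs the rules over a constructed batch of events. The command lines, registry path, startup-folder path and browser file names it matches are assumptions about how these behaviours typically show up on a host, not facts the report states about this sample.

```python
"""Re-check the report's behaviour signatures against host telemetry.

Added example (not from the sandbox report). Every event below is constructed,
and every pattern is an assumption about typical artefacts of the behaviour.
"""
import re
from collections import defaultdict

# Constructed telemetry in Sysmon-like terms (assumed, not from the report):
#   process    -> command line of a created process
#   regread    -> registry value that was read
#   filecreate -> path of a file that was created
#   fileread   -> path of a file that was opened for reading
SAMPLE_EVENTS = [
    ("process",    r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("process",    r"C:\Windows\System32\wbem\WMIC.exe shadowcopy delete"),
    ("regread",    r"HKCU\Control Panel\International\sCountry"),
    ("filecreate", r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"),
    ("filecreate", r"E:\autorun.inf"),
    ("fileread",   r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("process",    r"C:\Windows\System32\notepad.exe C:\Users\victim\readme.txt"),  # benign noise
]

# One rule per behaviour named in the report: (name, event type, pattern).
# The patterns are assumptions about common artefacts of each behaviour.
RULES = [
    ("Deletes shadow copies", "process",
     re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("Checks computer location settings", "regread",
     re.compile(r"\\Control Panel\\International\\(s|i)Country$", re.I)),
    ("Drops startup file", "filecreate",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
    ("Reads user/profile data of web browsers", "fileread",
     re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
                r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Drops autorun.inf file", "filecreate",
     re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)),
]


def match_behaviours(events):
    """Return {behaviour name: [evidence strings]} for every rule that fires.

    A rule only fires on events of its own type, so a registry read that
    happens to mention 'autorun.inf' does not trigger the file-drop rule.
    """
    hits = defaultdict(list)
    for ev_type, detail in events:
        for name, wanted_type, pattern in RULES:
            if ev_type == wanted_type and pattern.search(detail):
                hits[name].append(detail)
    return dict(hits)


def unexplained(events):
    """Events no rule claims; worth eyeballing for behaviours the rules miss."""
    leftovers = []
    for ev_type, detail in events:
        if not any(ev_type == t and p.search(detail) for _, t, p in RULES):
            leftovers.append((ev_type, detail))
    return leftovers


def coverage(events):
    """Which of the report's five behaviours the telemetry does / does not confirm."""
    seen = set(match_behaviours(events))
    expected = {name for name, _, _ in RULES}
    return sorted(seen), sorted(expected - seen)


if __name__ == "__main__":
    for name, evidence in match_behaviours(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for e in evidence:
            print(f"      {e}")
    confirmed, missing = coverage(SAMPLE_EVENTS)
    print(f"\nconfirmed {len(confirmed)}/{len(RULES)}; unconfirmed: {missing}")
    for ev in unexplained(SAMPLE_EVENTS):
        print(f"[?] unexplained {ev[0]}: {ev[1]}")
```

Keying each rule to an event type is deliberate: matching bare substrings across all telemetry is how generic "autorun" or "vssadmin" rules end up firing on backup-agent logs and help-desk scripts. Feed it your own EDR or Sysmon export in the same (type, detail) shape and compare the `coverage()` result with the report's list.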

MITRE ATT&CK Enterprise v6

Tasks