General

  • Target

    509bfbab489e8d03c940474c8d640c89e291f7086ab1a43447c7edfe43b37634.exe

  • Size

    1006KB

  • Sample

    221016-vhej7ahgcr

  • MD5

    e8eeee0bd32cbe0799c208d9af7af19c

  • SHA1

    9800b51befb1f64dabab20bf53fb61c8d3979012

  • SHA256

    509bfbab489e8d03c940474c8d640c89e291f7086ab1a43447c7edfe43b37634

  • SHA512

    ebe9973feb35da5b1b9b7307c60b04d0fb72ea4ad1979d51c53d0f05fe011cec8d62dee477f960ec989761a39ae6999d7392a679733e176e6a282b70b5934ec0

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSr04Xppc9:NjLuSr04TM

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
