875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3 | Triage

Sharing

General

Target

875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3
Size

802KB
Sample

221017-d7pm1safdq
MD5

1a22a2b8d17f7dfd3f0c8ef141dd0ff6
SHA1

6eeb3d09498a31f908c47f31f85e143d515f2dee
SHA256

875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3
SHA512

eadfa47639cdd9d91126d4aa74093b6ac51735ed28694eb6e2b4b4bf764a4c066c469fa2081f493c4f05245dd62dbe51d65217a6de6f8649f7db1c9830761135
SSDEEP

6144:e98L598LVjCHov2OU0fSvbSYPLi+Ll4nhOpamZqSntv:lKVjCIv2aavGYPLhVtntv

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3
- Size
  
  802KB
- MD5
  
  1a22a2b8d17f7dfd3f0c8ef141dd0ff6
- SHA1
  
  6eeb3d09498a31f908c47f31f85e143d515f2dee
- SHA256
  
  875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3
- SHA512
  
  eadfa47639cdd9d91126d4aa74093b6ac51735ed28694eb6e2b4b4bf764a4c066c469fa2081f493c4f05245dd62dbe51d65217a6de6f8649f7db1c9830761135
- SSDEEP
  
  6144:e98L598LVjCHov2OU0fSvbSYPLi+Ll4nhOpamZqSntv:lKVjCIv2aavGYPLhVtntv
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2