8db1d98577eb6eb5d1e4aae269e4eb40634552a5b8cb4968c1126c59bbbf412c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8db1d98577eb6eb5d1e4aae269e4eb40634552a5b8cb4968c1126c59bbbf412c
Size

97KB
Sample

221017-d8sfasaeh4
MD5

f480de71b36f5419fa60c9167b4ccb28
SHA1

432d45ed85a05da8bd22a380b3797f1aaccd6dd9
SHA256

8db1d98577eb6eb5d1e4aae269e4eb40634552a5b8cb4968c1126c59bbbf412c
SHA512

44120b1d652c504b27deba0a685fc6d4527c59c7b502777b799f74302178ba95a78e9d6f7d5941aaaca65486c8380160812565a71abc4e0b9640f98d268a7710
SSDEEP

3072:e98My3aIFWsBm5WyJlM4kM2U3xtEs3WQirFUltBoGi/E:e98LeE7ChtEs3WLbs

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  8db1d98577eb6eb5d1e4aae269e4eb40634552a5b8cb4968c1126c59bbbf412c
- Size
  
  97KB
- MD5
  
  f480de71b36f5419fa60c9167b4ccb28
- SHA1
  
  432d45ed85a05da8bd22a380b3797f1aaccd6dd9
- SHA256
  
  8db1d98577eb6eb5d1e4aae269e4eb40634552a5b8cb4968c1126c59bbbf412c
- SHA512
  
  44120b1d652c504b27deba0a685fc6d4527c59c7b502777b799f74302178ba95a78e9d6f7d5941aaaca65486c8380160812565a71abc4e0b9640f98d268a7710
- SSDEEP
  
  3072:e98My3aIFWsBm5WyJlM4kM2U3xtEs3WQirFUltBoGi/E:e98LeE7ChtEs3WLbs
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2