6898911b920831be91bcab143777960b1873b0b7e1220b9131a44d92ae290d1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6898911b920831be91bcab143777960b1873b0b7e1220b9131a44d92ae290d1a
Size

1.4MB
Sample

221017-ehyp3aagar
MD5

eb937e263c9692c24a13d601b01302fd
SHA1

7e735b13fe911ade1c9eba3d6d732c55b8e2525d
SHA256

6898911b920831be91bcab143777960b1873b0b7e1220b9131a44d92ae290d1a
SHA512

dc769f6a10a1cbb38269427b5797d2666e9dc9f7b1f065d54e17086a2ebaa6c79ea863aaea05a2c3323b5c8e49fee8ae277ce3db06aedfaad3a3ef5993706cc3
SSDEEP

24576:lKKKKKKN7ChBWMQ+uSbK2MtENZk7Inij2:2jLuSbK2MtENiyj

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  6898911b920831be91bcab143777960b1873b0b7e1220b9131a44d92ae290d1a
- Size
  
  1.4MB
- MD5
  
  eb937e263c9692c24a13d601b01302fd
- SHA1
  
  7e735b13fe911ade1c9eba3d6d732c55b8e2525d
- SHA256
  
  6898911b920831be91bcab143777960b1873b0b7e1220b9131a44d92ae290d1a
- SHA512
  
  dc769f6a10a1cbb38269427b5797d2666e9dc9f7b1f065d54e17086a2ebaa6c79ea863aaea05a2c3323b5c8e49fee8ae277ce3db06aedfaad3a3ef5993706cc3
- SSDEEP
  
  24576:lKKKKKKN7ChBWMQ+uSbK2MtENZk7Inij2:2jLuSbK2MtENiyj
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2