bd48f0cca8d93b6ff35f873b829c68ab7d4124c12eb602ee6eba603d892647d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd48f0cca8d93b6ff35f873b829c68ab7d4124c12eb602ee6eba603d892647d4
Size

8.5MB
Sample

221017-nf1ajsbfd9
MD5

6f146934a9547f72419fec15c693e10d
SHA1

1ecfbe327e95fae26fd1462577ca66af952c6afe
SHA256

bd48f0cca8d93b6ff35f873b829c68ab7d4124c12eb602ee6eba603d892647d4
SHA512

a87247f7194cdf5693953ef12d907ccc97fc5cad3128470cc6481434869b3cb8b48b0777d894c24aad1f448a3f7acb5a9fa4d6194b3c137207b57b0fb3fd99df
SSDEEP

49152:yjLuSh3i+FtvkMzT+8Re0ZGxbxcgsIsTZm:OLu1g9ZGlWrfTZm

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  bd48f0cca8d93b6ff35f873b829c68ab7d4124c12eb602ee6eba603d892647d4
- Size
  
  8.5MB
- MD5
  
  6f146934a9547f72419fec15c693e10d
- SHA1
  
  1ecfbe327e95fae26fd1462577ca66af952c6afe
- SHA256
  
  bd48f0cca8d93b6ff35f873b829c68ab7d4124c12eb602ee6eba603d892647d4
- SHA512
  
  a87247f7194cdf5693953ef12d907ccc97fc5cad3128470cc6481434869b3cb8b48b0777d894c24aad1f448a3f7acb5a9fa4d6194b3c137207b57b0fb3fd99df
- SSDEEP
  
  49152:yjLuSh3i+FtvkMzT+8Re0ZGxbxcgsIsTZm:OLu1g9ZGlWrfTZm
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2