General

  • Target

    9a9ff607a078c1bbeb381718a14df6ccda0d59c7437bd9070b9bfe29ad6c9b48

  • Size

    14.7MB

  • Sample

    221017-x3d59sdacm

  • MD5

    b25aa37db4997a6c183b8de5b5d9212d

  • SHA1

    ad8b1157dfbb7d38cd0914bca4d442645b18ba95

  • SHA256

    9a9ff607a078c1bbeb381718a14df6ccda0d59c7437bd9070b9bfe29ad6c9b48

  • SHA512

    cab31d2a24cc8d6524ec1e17591aa8b253e487778407653bdd075746e18910c26516a11cf78038e469951308044fc9120c9c7b39a09b6da3a11aad17b58e6a62

  • SSDEEP

    196608:ld9JTZksaJ+1orTRtwGfLgAtjpQFTC0rBC3s:lDJTQTReGfLgAlpYTSs

Malware Config

Targets

    • Target

      9a9ff607a078c1bbeb381718a14df6ccda0d59c7437bd9070b9bfe29ad6c9b48

    • Size

      14.7MB

    • MD5

      b25aa37db4997a6c183b8de5b5d9212d

    • SHA1

      ad8b1157dfbb7d38cd0914bca4d442645b18ba95

    • SHA256

      9a9ff607a078c1bbeb381718a14df6ccda0d59c7437bd9070b9bfe29ad6c9b48

    • SHA512

      cab31d2a24cc8d6524ec1e17591aa8b253e487778407653bdd075746e18910c26516a11cf78038e469951308044fc9120c9c7b39a09b6da3a11aad17b58e6a62

    • SSDEEP

      196608:ld9JTZksaJ+1orTRtwGfLgAtjpQFTC0rBC3s:lDJTQTReGfLgAlpYTSs

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks