eca08bb28461994241fa551d0c9b3941c1acb8982fa8203a487ce371c62d8d74 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eca08bb28461994241fa551d0c9b3941c1acb8982fa8203a487ce371c62d8d74
Size

7.9MB
Sample

221017-xpw4xsdaaj
MD5

adc9eae97189657fd7bd73059bbe788f
SHA1

55fe6804bb73460ffcb9f66d8b3b1eeee076b1df
SHA256

eca08bb28461994241fa551d0c9b3941c1acb8982fa8203a487ce371c62d8d74
SHA512

4ecbfee559d7073caa87a268e71afb06a6640c91533718b3467e218e2dd71e8cdac6c3129e086472a8afaa1cb0ab724ee24969b73173955af395f5ccc50c166d
SSDEEP

49152:JjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U633:hLu13/Jk2Ph05e+g3

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  eca08bb28461994241fa551d0c9b3941c1acb8982fa8203a487ce371c62d8d74
- Size
  
  7.9MB
- MD5
  
  adc9eae97189657fd7bd73059bbe788f
- SHA1
  
  55fe6804bb73460ffcb9f66d8b3b1eeee076b1df
- SHA256
  
  eca08bb28461994241fa551d0c9b3941c1acb8982fa8203a487ce371c62d8d74
- SHA512
  
  4ecbfee559d7073caa87a268e71afb06a6640c91533718b3467e218e2dd71e8cdac6c3129e086472a8afaa1cb0ab724ee24969b73173955af395f5ccc50c166d
- SSDEEP
  
  49152:JjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U633:hLu13/Jk2Ph05e+g3
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2