6f50419bc0ec5f931a9e976529eb7eddd1aa0983798f911272b730b3a4142ea2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f50419bc0ec5f931a9e976529eb7eddd1aa0983798f911272b730b3a4142ea2
Size

15.0MB
Sample

221018-c6dzfsebd3
MD5

9943ac939b3b169cd00e1cffbf8657d6
SHA1

6be570a6f9009aa10562737d1e406a20ec20c045
SHA256

6f50419bc0ec5f931a9e976529eb7eddd1aa0983798f911272b730b3a4142ea2
SHA512

8a67b9fc2fd7d71a61e4db1e2c8d32c7bad45768e4929b85e964e3bc71b08bb2fb91b0548d13e78da0f2d73e9cc57e3121f0741a718022ef9c4c268961aa1949
SSDEEP

98304:dLu13/Jk2Ph05e+g3XBBqa2ZZzRTC0rBC3FO:dikgcN8BBYFTC0rBC3s

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  6f50419bc0ec5f931a9e976529eb7eddd1aa0983798f911272b730b3a4142ea2
- Size
  
  15.0MB
- MD5
  
  9943ac939b3b169cd00e1cffbf8657d6
- SHA1
  
  6be570a6f9009aa10562737d1e406a20ec20c045
- SHA256
  
  6f50419bc0ec5f931a9e976529eb7eddd1aa0983798f911272b730b3a4142ea2
- SHA512
  
  8a67b9fc2fd7d71a61e4db1e2c8d32c7bad45768e4929b85e964e3bc71b08bb2fb91b0548d13e78da0f2d73e9cc57e3121f0741a718022ef9c4c268961aa1949
- SSDEEP
  
  98304:dLu13/Jk2Ph05e+g3XBBqa2ZZzRTC0rBC3FO:dikgcN8BBYFTC0rBC3s
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2