2dc46a3694f238889edf0b5f00d88198554ad02481c1f1fd0c0ac8df934c945c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dc46a3694f238889edf0b5f00d88198554ad02481c1f1fd0c0ac8df934c945c
Size

7.3MB
Sample

221018-djv5wsedgq
MD5

3b07044894f51982bf8253c2f08ff004
SHA1

7f1003488242651300700affe3df12e9e51edf2c
SHA256

2dc46a3694f238889edf0b5f00d88198554ad02481c1f1fd0c0ac8df934c945c
SHA512

8eb3c9fffacdffe582e3fbe42b172fa8aaaac8ac5ed5cec2323f6742d2fbfa587340151d3afe511ae4650625a32a4dea4698ce125b825f3c7a291c3605f5d16f
SSDEEP

49152:ajLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U633:GLu13/Jk2Ph05e+g3

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  2dc46a3694f238889edf0b5f00d88198554ad02481c1f1fd0c0ac8df934c945c
- Size
  
  7.3MB
- MD5
  
  3b07044894f51982bf8253c2f08ff004
- SHA1
  
  7f1003488242651300700affe3df12e9e51edf2c
- SHA256
  
  2dc46a3694f238889edf0b5f00d88198554ad02481c1f1fd0c0ac8df934c945c
- SHA512
  
  8eb3c9fffacdffe582e3fbe42b172fa8aaaac8ac5ed5cec2323f6742d2fbfa587340151d3afe511ae4650625a32a4dea4698ce125b825f3c7a291c3605f5d16f
- SSDEEP
  
  49152:ajLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U633:GLu13/Jk2Ph05e+g3
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2