0ce758f448bdcd84477cc274dd3247933f3b02746ff1a4d6d34d3aa5b25d4007 | Triage

Sharing

General

Target

0ce758f448bdcd84477cc274dd3247933f3b02746ff1a4d6d34d3aa5b25d4007
Size

14.8MB
Sample

221018-s49w4sgdb2
MD5

0591c6fd459f89ae64b9a025ac4f5f41
SHA1

5e67859c3a029291df697e9bbe4bea19b42af195
SHA256

0ce758f448bdcd84477cc274dd3247933f3b02746ff1a4d6d34d3aa5b25d4007
SHA512

da8fe4ff0a1d0f4bfdc89cbe5b70f85dd8c5570f56c061f61eff08a95d6e97bb2f108b8621123b452e3c3bca83dc43288dd22c2511d32af84e5158b131f9d899
SSDEEP

196608:Rd9JTZksaJ+1orTRtwGfLgAtjpQFTC0rBC3s:RDJTQTReGfLgAlpYTSs

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  0ce758f448bdcd84477cc274dd3247933f3b02746ff1a4d6d34d3aa5b25d4007
- Size
  
  14.8MB
- MD5
  
  0591c6fd459f89ae64b9a025ac4f5f41
- SHA1
  
  5e67859c3a029291df697e9bbe4bea19b42af195
- SHA256
  
  0ce758f448bdcd84477cc274dd3247933f3b02746ff1a4d6d34d3aa5b25d4007
- SHA512
  
  da8fe4ff0a1d0f4bfdc89cbe5b70f85dd8c5570f56c061f61eff08a95d6e97bb2f108b8621123b452e3c3bca83dc43288dd22c2511d32af84e5158b131f9d899
- SSDEEP
  
  196608:Rd9JTZksaJ+1orTRtwGfLgAtjpQFTC0rBC3s:RDJTQTReGfLgAlpYTSs
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2