General

  • Target

    bf42c6900c2a2cfbbe9a64aaa334ff8d23ec1d8d6cce9c276a8b8086f2f99eb5

  • Size

    15.0MB

  • Sample

    221018-s4ee7sgch3

  • MD5

    e93c0d46a14cbc1a97b4391df9e7cace

  • SHA1

    1cbc17470904fa9f3b5e54387a3d70d0671ec206

  • SHA256

    bf42c6900c2a2cfbbe9a64aaa334ff8d23ec1d8d6cce9c276a8b8086f2f99eb5

  • SHA512

    76713e618caedb7765fc6ddb2eb64119f56dd803603ad7334dbdbf5bcd8896a16a15701aacc80e8f0ebaa5efb2b92e89f4d6fdc3bc083772f9ab68a9d8f9bd39

  • SSDEEP

    98304:YpifqwAaNL2dqV33xAhe2c9DuFJswsDBBqa2ZZzRTC0rBC3FO:YoqwAad2cxAjAiJsBDBBYFTC0rBC3s

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks