General

  • Target: a245009cdc7c566c61c92d5985b6ae45f62ff81749de479ee4a4571034c88518
  • Size: 7.8MB
  • Sample: 221018-se25zagbg8
  • MD5: a0a394ff6fd5cec78911234aff40c4dd
  • SHA1: d2106cae9b2c1201640bcd0d0e02a84085866136
  • SHA256: a245009cdc7c566c61c92d5985b6ae45f62ff81749de479ee4a4571034c88518
  • SHA512: 7d9c7f323dcb337ae83638278bb9ec1d58d77e6391497f1fd0495e4e7b483a5e25e816fc0b8ff2ca03ff69974ee8fb38e74667c3de5210796020d82add879559
  • SSDEEP: 49152:ujLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U633:yLu13/Jk2Ph05e+g3

Targets

    • Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
    • Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
    • Drops startup file
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
