General

  • Target

    1d720e68b0641356fb31564d4e41daee78a48b3d5171de693cdf1a1964c86db6

  • Size

    10.7MB

  • Sample

    221018-x3pl1adggn

  • MD5

    af538362486db7c7a16a48879a76df95

  • SHA1

    3ce8d738b9f74454a5e432fa589b05eeaafe54c2

  • SHA256

    1d720e68b0641356fb31564d4e41daee78a48b3d5171de693cdf1a1964c86db6

  • SHA512

    af19710f145cf2b3ec07924660cc94b4cc91acb8528c0ab97dd7c0a06a935cbf1838acee284915fe597e02979bd38dfe337d4ad658cc4373614a7f6fd1979551

  • SSDEEP

    98304:rpEdqwAaNL2dqV33xAhe2c9DuFJswsDBBqa2ZZzp:r4qwAad2cxAjAiJsBDBBYl

Targets

    • Target

      1d720e68b0641356fb31564d4e41daee78a48b3d5171de693cdf1a1964c86db6

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
