General

  • Target

    3f0900aa7acb8d060756499eaec140f5c65c14f1545ad96780f496e5c1e97b46

  • Size

    8.1MB

  • Sample

    221019-m56m7afhcn

  • MD5

    31c3502a3ac9c45c563ae8c3d0726dbe

  • SHA1

    9290242f3d651a406cd3d4c4be35434afa1ee41a

  • SHA256

    3f0900aa7acb8d060756499eaec140f5c65c14f1545ad96780f496e5c1e97b46

  • SHA512

    053778e3f027edebedfbc028f0d59aabd1d700bfbbc14874a610b0bc90bac96dd40dee4d5a3f63867cacd134367f633694819d5b0a45e57093817875d3347e05

  • SSDEEP

    98304:aLu13/Jk2Ph05e+g3aL8BHeTLIOsRvBYql7x+oZHcV4i/kgE7/FG4l7zP3u+0xZ3:aikgcN/MeTLIOsNvGfLgc

Targets

    • Target

      3f0900aa7acb8d060756499eaec140f5c65c14f1545ad96780f496e5c1e97b46

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill entries.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
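
The five behaviours listed above are the kind of verdict a sandbox derives from the process, registry and file events it records while the sample runs. The following Python is an added example, not the sandbox's own rules and not code from the sample: it maps constructed events in an assumed `type|process|detail` line format onto the signature names used in this report. The indicator patterns (vssadmin, wmic, wbadmin and bcdedit command lines; the `Control Panel\International\Geo\Nation` key; Chromium and Firefox credential-store paths; the per-user Startup folder; a root-level autorun.inf) are common indicators chosen for the example and are assumptions; the report does not state which specific commands, keys or paths this sample used.

```python
"""Map sandbox-style behaviour events onto the behavioural signatures named in
the report.  Added example: the event format, the sample events and the
indicator patterns are assumptions, not data taken from the report."""
import re
from typing import Dict, List, Tuple

# Constructed sample events (assumed "type|process|detail" format, not the
# sandbox's real event schema).  The detail field is a command line, a registry
# key or a file path depending on the event type.
SAMPLE_EVENTS = [
    "proc|cmd.exe|vssadmin.exe delete shadows /all /quiet",
    "proc|cmd.exe|wmic shadowcopy delete",
    "reg_read|sample.exe|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "file_read|sample.exe|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "file_write|sample.exe|E:\\autorun.inf",
    "file_write|sample.exe|C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk",
    "proc|explorer.exe|notepad.exe C:\\notes.txt",
]

# Signature name -> (event type it applies to, indicator regex).  These are
# widely known indicators chosen for illustration; a real rule set would be
# broader (e.g. PowerShell Get-WmiObject Win32_ShadowCopy, wbadmin variants).
SIGNATURES: Dict[str, Tuple[str, "re.Pattern[str]"]] = {
    "Deletes shadow copies": (
        "proc",
        re.compile(
            r"vssadmin(\.exe)?\s+delete\s+shadows"
            r"|wmic(\.exe)?\s+shadowcopy\s+delete"
            r"|wbadmin(\.exe)?\s+delete\s+catalog"
            r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no",
            re.I,
        ),
    ),
    "Checks computer location settings": (
        "reg_read",
        # GeoID of the configured country, or the system UI language.
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$|\\Control\\Nls\\Language", re.I),
    ),
    "Drops startup file": (
        "file_write",
        re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I),
    ),
    "Reads user/profile data of web browsers": (
        "file_read",
        re.compile(
            r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
            r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
            re.I,
        ),
    ),
    "Drops autorun.inf file": (
        "file_write",
        # autorun.inf is only honoured at the root of a volume.
        re.compile(r"^[A-Z]:\\autorun\.inf$", re.I),
    ),
}


def parse_event(line: str) -> Tuple[str, str, str]:
    """Split one 'type|process|detail' line.  The detail (a command line) may
    itself contain '|', so split at most twice."""
    kind, process, detail = line.split("|", 2)
    return kind, process, detail


def match_signatures(events: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching details]} for every signature that
    fired at least once.  Signatures with no hits are omitted."""
    hits: Dict[str, List[str]] = {}
    for line in events:
        kind, _process, detail = parse_event(line)
        for name, (wanted_kind, pattern) in SIGNATURES.items():
            if kind == wanted_kind and pattern.search(detail):
                hits.setdefault(name, []).append(detail)
    return hits


if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for d in details:
            print(f"    {d}")
```

Matching on event type as well as on the regex matters: the Startup-folder and autorun.inf rules both look at file writes, while a command line that merely mentions `autorun.inf` should not count as a drop. Shadow-copy deletion is matched on the process command line regardless of which parent spawned it, since ransomware commonly launches it through cmd.exe or PowerShell rather than directly.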
