76a873fc5fa3df00e191c5f76085437659b7ee294097f1dfb1ab584b86e5dfc3 | Triage

Sharing

General

Target

76a873fc5fa3df00e191c5f76085437659b7ee294097f1dfb1ab584b86e5dfc3
Size

14.8MB
Sample

221019-m5d8yafhcj
MD5

05c9940980352eaeffd294d433695fb8
SHA1

40e876cd81b9bc6190e61d938a025008ede992f9
SHA256

76a873fc5fa3df00e191c5f76085437659b7ee294097f1dfb1ab584b86e5dfc3
SHA512

d69125e4ef8c8b184807007e206eaa693beabfd4beb660a8d65ee8b4524e54e2a91bdfb2b8ef7ae0141ca1336003fcb0d17deaeb6a1157e050d4f671f454e776
SSDEEP

98304:WLu13/Jk2Ph05e+g3XBBqa2ZZzRTC0rBC3FO:WikgcN8BBYFTC0rBC3s

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  76a873fc5fa3df00e191c5f76085437659b7ee294097f1dfb1ab584b86e5dfc3
- Size
  
  14.8MB
- MD5
  
  05c9940980352eaeffd294d433695fb8
- SHA1
  
  40e876cd81b9bc6190e61d938a025008ede992f9
- SHA256
  
  76a873fc5fa3df00e191c5f76085437659b7ee294097f1dfb1ab584b86e5dfc3
- SHA512
  
  d69125e4ef8c8b184807007e206eaa693beabfd4beb660a8d65ee8b4524e54e2a91bdfb2b8ef7ae0141ca1336003fcb0d17deaeb6a1157e050d4f671f454e776
- SSDEEP
  
  98304:WLu13/Jk2Ph05e+g3XBBqa2ZZzRTC0rBC3FO:WikgcN8BBYFTC0rBC3s
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2