d4fb385562bc1733e2dd8d794afd5c35e2b09778b38acefefe67d0380c066c13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4fb385562bc1733e2dd8d794afd5c35e2b09778b38acefefe67d0380c066c13
Size

1.7MB
Sample

221020-aal9vaeafp
MD5

5a798bf5cf2b9951cbf69152c6e7a376
SHA1

e3958b028c14203ff36569ad56b856813e3fd92b
SHA256

d4fb385562bc1733e2dd8d794afd5c35e2b09778b38acefefe67d0380c066c13
SHA512

2991c1262cb78c66f6a2bd14278eaff54454467e8a2539869ccc9bc5aca54b4d160256d6c9c1832b19cc135565f907b1559728a5cfdb67b605b7daf85d7513b9
SSDEEP

24576:lKKKKKKKKKsxr4cQFTj0OZeVJ904XppcNK2MtENZk7Inij2:xqcQFTIOZeN04TmK2MtENiyj

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  d4fb385562bc1733e2dd8d794afd5c35e2b09778b38acefefe67d0380c066c13
- Size
  
  1.7MB
- MD5
  
  5a798bf5cf2b9951cbf69152c6e7a376
- SHA1
  
  e3958b028c14203ff36569ad56b856813e3fd92b
- SHA256
  
  d4fb385562bc1733e2dd8d794afd5c35e2b09778b38acefefe67d0380c066c13
- SHA512
  
  2991c1262cb78c66f6a2bd14278eaff54454467e8a2539869ccc9bc5aca54b4d160256d6c9c1832b19cc135565f907b1559728a5cfdb67b605b7daf85d7513b9
- SSDEEP
  
  24576:lKKKKKKKKKsxr4cQFTj0OZeVJ904XppcNK2MtENZk7Inij2:xqcQFTIOZeN04TmK2MtENiyj
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2