General

  • Target

    5a5bfdb0ad1d8fd330a0ce6f1748fc9a705ce22f807b6994ed3ab15b6f2e0641

  • Size

    6.3MB

  • Sample

    221027-dhsndaada7

  • MD5

    761a9e0e651fafb4d84bc498d2dd0592

  • SHA1

    608d3ee4077187f393187df136621cfc759e0ebd

  • SHA256

    5a5bfdb0ad1d8fd330a0ce6f1748fc9a705ce22f807b6994ed3ab15b6f2e0641

  • SHA512

    4ebfcd8562691d832a178fb26c4ef5d51e9eb3baaa7c58dae2ef3a24a7b582929e575778916e01858c6a0cfbd48e9c606a65a0f2b1a07250b6cf86d04ae1192e

  • SSDEEP

    98304:PcQUO4TLs6pMpsoPXdN9JIB5kHYKQwYucWrWrW8t+g3FU:PRc7pMpsMNN9JVHYFwYnWrWrW5b

Malware Config

Targets

    • Target

      5a5bfdb0ad1d8fd330a0ce6f1748fc9a705ce22f807b6994ed3ab15b6f2e0641

    • Size

      6.3MB

    • MD5

      761a9e0e651fafb4d84bc498d2dd0592

    • SHA1

      608d3ee4077187f393187df136621cfc759e0ebd

    • SHA256

      5a5bfdb0ad1d8fd330a0ce6f1748fc9a705ce22f807b6994ed3ab15b6f2e0641

    • SHA512

      4ebfcd8562691d832a178fb26c4ef5d51e9eb3baaa7c58dae2ef3a24a7b582929e575778916e01858c6a0cfbd48e9c606a65a0f2b1a07250b6cf86d04ae1192e

    • SSDEEP

      98304:PcQUO4TLs6pMpsoPXdN9JIB5kHYKQwYucWrWrW8t+g3FU:PRc7pMpsMNN9JVHYFwYnWrWrW5b

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks