f4b632979bcf28afc1a2a56ca1c941e1e91f50d9eaa2eef9fc947ecb16f272a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4b632979bcf28afc1a2a56ca1c941e1e91f50d9eaa2eef9fc947ecb16f272a3
Size

2.8MB
Sample

221028-xbnwdsbbgq
MD5

67e0de0635cd53bc28f088d83b8c7b3f
SHA1

3f8b271c15a22394d6f99a189bc634826ab119d6
SHA256

f4b632979bcf28afc1a2a56ca1c941e1e91f50d9eaa2eef9fc947ecb16f272a3
SHA512

354b86c121214abd5b0000cc58be72997f2ae0bcde1b524a37e1af46f1d7f86ef53e9813e369638195496bf1d9e177be0d96181ded9d0392bd1a593f205beca7
SSDEEP

49152:JqcQFTIOZeN04TDxy3jqT+NTJjl3c23spzpfYP7CD6s9HPOwesa6/96vSSSmK78o:4cQUO4TqjqT+Nldc23spzpfYP7CD62HJ

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  f4b632979bcf28afc1a2a56ca1c941e1e91f50d9eaa2eef9fc947ecb16f272a3
- Size
  
  2.8MB
- MD5
  
  67e0de0635cd53bc28f088d83b8c7b3f
- SHA1
  
  3f8b271c15a22394d6f99a189bc634826ab119d6
- SHA256
  
  f4b632979bcf28afc1a2a56ca1c941e1e91f50d9eaa2eef9fc947ecb16f272a3
- SHA512
  
  354b86c121214abd5b0000cc58be72997f2ae0bcde1b524a37e1af46f1d7f86ef53e9813e369638195496bf1d9e177be0d96181ded9d0392bd1a593f205beca7
- SSDEEP
  
  49152:JqcQFTIOZeN04TDxy3jqT+NTJjl3c23spzpfYP7CD6s9HPOwesa6/96vSSSmK78o:4cQUO4TqjqT+Nldc23spzpfYP7CD62HJ
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2