Overview

overview

8

Static

static

sample.exe

windows10-1703-x64

8

Resubmissions

04/11/2022, 23:59

221104-31zxvacbc3 8

24/12/2020, 17:30

201224-s43rdxvlqn 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.bin.sample.gz

  • Size

    26KB

  • Sample

    221104-31zxvacbc3

  • MD5

    b95f50738e4ef830f1d077933401b6eb

  • SHA1

    99a5ac82d8109a8a769fb09cab93cec46310f757

  • SHA256

    9ce24664cc2fa049bf12d41471939252c295ccf893f00bdc754d73aec1c84b5e

  • SHA512

    71935bfa4746d126d88496145dad7927dd55a20dd51ac1bba420f63848f79d99bd5f2e45fabfea5f64f2bcb3d1c1205331924c9d630197b03d770c40f22d155b

  • SSDEEP

    768:j7NEFbb6uTIm2IfuxvMG0HRvMG0H0uc5tunpqKYhJs:j7NEwSIjIyvcHRvcH0gnpqKmJs

Score
8/10
persistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      sample

    • Size

      26KB

    • MD5

      c7cfaca6501361febe27a6b3e66a61bf

    • SHA1

      55a3414b9668596e120139a059db91a306281dcc

    • SHA256

      fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44

    • SHA512

      490814ad45e81ca6712c179fc6f9849788da1e379a02597136a52cc8695d895b648676f1ae2ee200effdac0f0dac7d56bef0af3b6854c8c150f33120af4d75a1

    • SSDEEP

      768:57NEFbb6uTIm2IfuxvMG0HRvMG0H0uc5tunpqKYhJ:57NEwSIjIyvcHRvcH0gnpqKmJ

    Score
    8/10
    persistenceransomwarespywarestealer

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks