62c80911787f6883a816e7f32931f488180fd3e6412a511153964fe9e7e11d3f | Triage

Sharing

General

Target

62c80911787f6883a816e7f32931f488180fd3e6412a511153964fe9e7e11d3f
Size

68KB
Sample

221105-sqz5ragde6
MD5

ad8f7e522adaf84934cb6cca73eeb2e5
SHA1

37aaa8bcb4835ccd41e53052d762173241417f56
SHA256

62c80911787f6883a816e7f32931f488180fd3e6412a511153964fe9e7e11d3f
SHA512

54e75391fd6b11c74a018b46f134af363fc856f0bef1482556fba586b1a8882eab97ab28ee646e9ca476059df51ea90a5aa6d599b130da139baec7fda39b886d
SSDEEP

1536:ra98My3aIx6KhV4sBmfxWyJlMFiirgpjCq9NCzrqxtGe2N23IY+DQi1/eHae:e98My3aIFWsBm5WyJlM4kM2U3xtEs3Wt

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  62c80911787f6883a816e7f32931f488180fd3e6412a511153964fe9e7e11d3f
- Size
  
  68KB
- MD5
  
  ad8f7e522adaf84934cb6cca73eeb2e5
- SHA1
  
  37aaa8bcb4835ccd41e53052d762173241417f56
- SHA256
  
  62c80911787f6883a816e7f32931f488180fd3e6412a511153964fe9e7e11d3f
- SHA512
  
  54e75391fd6b11c74a018b46f134af363fc856f0bef1482556fba586b1a8882eab97ab28ee646e9ca476059df51ea90a5aa6d599b130da139baec7fda39b886d
- SSDEEP
  
  1536:ra98My3aIx6KhV4sBmfxWyJlMFiirgpjCq9NCzrqxtGe2N23IY+DQi1/eHae:e98My3aIFWsBm5WyJlM4kM2U3xtEs3Wt
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2