General

  • Target: 1ba17dfb313109752362090a212337ed3ad2c351a59c23b0cdea5ada086df3aa
  • Size: 2.0MB
  • Sample: 221107-yq5ywsfce8
  • MD5: 169524becb4d074550f341be956b4a47
  • SHA1: 4675487258390535bb89df38d5b5dbd81667b3ab
  • SHA256: 1ba17dfb313109752362090a212337ed3ad2c351a59c23b0cdea5ada086df3aa
  • SHA512: 263665e5efce786c59438add00043c6b4101c229da65cf97c6fbdb75ebce5f49aeee0007d91e21e747a7b3e5cdffddca4c6a76eb3bc29fef0bab52e88bb4035c
  • SSDEEP: 49152:rt89TMn24QHTdRJVZUmxOiK65dbFzffvo/:rpEjhK2w

Malware Config

Targets

    • Deletes shadow copies
      Ransomware often deletes backups such as Volume Shadow Copies to inhibit system recovery.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.

    • Drops autorun.inf file
      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks