ac0f47391a3fc4481d1ddeefcdb5e54b43e6b963c5c73dae8dd29887b47f180e | Triage

Sharing

General

Target

ac0f47391a3fc4481d1ddeefcdb5e54b43e6b963c5c73dae8dd29887b47f180e
Size

240KB
Sample

221124-c36kasfc3s
MD5

6d6e6a3b4dec71ff268e5db800d5bcf5
SHA1

61c6eab37adfe8231a5ee19b9923be87b00bac13
SHA256

ac0f47391a3fc4481d1ddeefcdb5e54b43e6b963c5c73dae8dd29887b47f180e
SHA512

b5688457b9625f2ec0d82494fa492d98461afdeefe4b5f0336bc2c2470f90e0e952faf9a7784177dc0623beab5e0549f0c39a2a248291c7dad63c0b51ff21d14
SSDEEP

6144:qn/L+2uabXMfTOi16wtYSjcJvcw51NhL9emV9jtpzkkxmh3Z:U1uabXMfTz9tMJX51Nhd7jwUa3Z

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  ac0f47391a3fc4481d1ddeefcdb5e54b43e6b963c5c73dae8dd29887b47f180e
- Size
  
  240KB
- MD5
  
  6d6e6a3b4dec71ff268e5db800d5bcf5
- SHA1
  
  61c6eab37adfe8231a5ee19b9923be87b00bac13
- SHA256
  
  ac0f47391a3fc4481d1ddeefcdb5e54b43e6b963c5c73dae8dd29887b47f180e
- SHA512
  
  b5688457b9625f2ec0d82494fa492d98461afdeefe4b5f0336bc2c2470f90e0e952faf9a7784177dc0623beab5e0549f0c39a2a248291c7dad63c0b51ff21d14
- SSDEEP
  
  6144:qn/L+2uabXMfTOi16wtYSjcJvcw51NhL9emV9jtpzkkxmh3Z:U1uabXMfTz9tMJX51Nhd7jwUa3Z
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2