24deb57137aea1117e73f8f8edea3b6572f94c4924e05c057e4cc78cb777cf47 | Triage

Sharing

General

Target

24deb57137aea1117e73f8f8edea3b6572f94c4924e05c057e4cc78cb777cf47
Size

268KB
Sample

221124-j1tahsde3y
MD5

e2e275413ad1246b9ac9de9d175f5103
SHA1

dac9e13cf3289c7870da32a94e76e7bef34b945d
SHA256

24deb57137aea1117e73f8f8edea3b6572f94c4924e05c057e4cc78cb777cf47
SHA512

fbcc0ae533c53ea4e284b92c47a430b0e8d82fdeec8c080d51c4e71137cfa94d567c95e2f0f32c3e355088d03973d7fa08c4737b658a0a8f038bff0b0dc1d83d
SSDEEP

6144:5s8ONkS3YNIHoZ8/gUC5gjvyGNmCW+zgaVjPcmSSaXfZH89rE:5s5NkS3YNIHs8/gUC5cvVj2vSaPt0rE

Score

8^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  24deb57137aea1117e73f8f8edea3b6572f94c4924e05c057e4cc78cb777cf47
- Size
  
  268KB
- MD5
  
  e2e275413ad1246b9ac9de9d175f5103
- SHA1
  
  dac9e13cf3289c7870da32a94e76e7bef34b945d
- SHA256
  
  24deb57137aea1117e73f8f8edea3b6572f94c4924e05c057e4cc78cb777cf47
- SHA512
  
  fbcc0ae533c53ea4e284b92c47a430b0e8d82fdeec8c080d51c4e71137cfa94d567c95e2f0f32c3e355088d03973d7fa08c4737b658a0a8f038bff0b0dc1d83d
- SSDEEP
  
  6144:5s8ONkS3YNIHoZ8/gUC5gjvyGNmCW+zgaVjPcmSSaXfZH89rE:5s5NkS3YNIHs8/gUC5cvVj2vSaPt0rE
Score

8^/10

ransomware spyware stealer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2