90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041 | Triage

Submit
Reports

Overview

overview

Static

static

90e7babb24...41.exe

windows7-x64

9

90e7babb24...41.exe

windows10-2004-x64

Sharing

General

Target

90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
Size

256KB
Sample

221128-qmkvjsbd6w
MD5

f7af4a7c9b22da810861a6bd07c55a87
SHA1

a8d832d884d94372f6dc8f9a3718eb3b4db1ee09
SHA256

90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
SHA512

feeadc83c12b5d8d678b8c1078b48de19fa6bea35224d84e7b1859c79ac8661836c25b9fa8dd5994fe2841cf08adea60864c4d94b43dc7861729174daf7b9ca6
SSDEEP

6144:BcEWAuYkSubM5cAhVIdnwMVtyeelQikCwxjqdsCWTz4M:2hSSS5YlVtyeklPujqdmT9

Score

10^/10

persistence phishing ransomware

Static task

static1

Behavioral task

behavioral1

Sample

90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041.exe

Resource

win7-20220812-en

persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041.exe

Resource

win10v2004-20221111-en

persistence phishing

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
- Size
  
  256KB
- MD5
  
  f7af4a7c9b22da810861a6bd07c55a87
- SHA1
  
  a8d832d884d94372f6dc8f9a3718eb3b4db1ee09
- SHA256
  
  90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
- SHA512
  
  feeadc83c12b5d8d678b8c1078b48de19fa6bea35224d84e7b1859c79ac8661836c25b9fa8dd5994fe2841cf08adea60864c4d94b43dc7861729174daf7b9ca6
- SSDEEP
  
  6144:BcEWAuYkSubM5cAhVIdnwMVtyeelQikCwxjqdsCWTz4M:2hSSS5YlVtyeklPujqdmT9
Score

10^/10

persistence ransomware phishing
- Detected phishing page
  phishing
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistencephishing

© 2018-2024

Terms | Privacy