802620972e8de517babe450dae22cf740ef135b13a95f23c4a6dd477ba772403 | Triage

Sharing

General

Target

trig_802620972e8de517babe45.exe
Size

654KB
Sample

221129-s528nafe4s
MD5

1d999ba847346e80594759ff8c32da49
SHA1

7abf3923d540addcc82a2cc0794c815dd6385cd1
SHA256

802620972e8de517babe450dae22cf740ef135b13a95f23c4a6dd477ba772403
SHA512

8ace2a4b4a096f60a9cc530ac42eff33e887c27b88ba327477567cb2db7ae34036b62b8b1b2770e5e0454483fddf6cfb28449118689f899ca800416f780b78de
SSDEEP

12288:OgBxsW2FnEfXMIw1CIl/k9AzIr0ic+ZF5XOZkaSU9EP8ZT:Oq2FnnxkIDzgcKF5aSGT

Score

8^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  trig_802620972e8de517babe45.exe
- Size
  
  654KB
- MD5
  
  1d999ba847346e80594759ff8c32da49
- SHA1
  
  7abf3923d540addcc82a2cc0794c815dd6385cd1
- SHA256
  
  802620972e8de517babe450dae22cf740ef135b13a95f23c4a6dd477ba772403
- SHA512
  
  8ace2a4b4a096f60a9cc530ac42eff33e887c27b88ba327477567cb2db7ae34036b62b8b1b2770e5e0454483fddf6cfb28449118689f899ca800416f780b78de
- SSDEEP
  
  12288:OgBxsW2FnEfXMIw1CIl/k9AzIr0ic+ZF5XOZkaSU9EP8ZT:Oq2FnnxkIDzgcKF5aSGT
Score

8^/10

persistence ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

persistenceransomwarespywarestealer