149ded86c52aee0bf1dc303181495af988334c9c0c6b81048d8388a7f797dc5b | Triage

Sharing

General

Target

trig_149ded86c52aee0bf1dc30.exe
Size

1.1MB
Sample

221129-s5w2mscf72
MD5

882f792ef927f4e8321e082d9a4d85ff
SHA1

0f7989d7ae20d6be6f18c38ae255a5ca1397a8df
SHA256

149ded86c52aee0bf1dc303181495af988334c9c0c6b81048d8388a7f797dc5b
SHA512

350040e5611aa21bc637f465a4c898c7473cd21e2a71c269593196c6866b709cefdf9610b411679cdd1f6b213ee130e058b93f5c2578457450aa4b3dd49a9673
SSDEEP

24576:LYxvmwliqDHWHVjdzuM7Br+e5rA+u7ziSX:evmw3UjnrP9jQis

Score

8^/10

discovery persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  trig_149ded86c52aee0bf1dc30.exe
- Size
  
  1.1MB
- MD5
  
  882f792ef927f4e8321e082d9a4d85ff
- SHA1
  
  0f7989d7ae20d6be6f18c38ae255a5ca1397a8df
- SHA256
  
  149ded86c52aee0bf1dc303181495af988334c9c0c6b81048d8388a7f797dc5b
- SHA512
  
  350040e5611aa21bc637f465a4c898c7473cd21e2a71c269593196c6866b709cefdf9610b411679cdd1f6b213ee130e058b93f5c2578457450aa4b3dd49a9673
- SSDEEP
  
  24576:LYxvmwliqDHWHVjdzuM7Br+e5rA+u7ziSX:evmw3UjnrP9jQis
Score

8^/10

persistence ransomware spyware stealer discovery
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Network Service Scanning

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

discoverypersistence