1733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ransomware.Vipasana.zip
Size

638KB
Sample

221217-c78v8aah7x
MD5

8d2c4c192772985776bacfd77f7bc4d9
SHA1

3b923b911d443e321e551f26c9588b16a994d52e
SHA256

1733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8
SHA512

6c24f2fe498cf38e3f3d66b62915e6fbc8c2746a1d4c3c3de270f994b02e1369b9540099c12d150712574ececbe63c8c9f28877d8aa4557fbbb7890d5a0de6c1
SSDEEP

12288:atcWK55CAyTliOve2dCbNF2NJ9lTYG6WxGc7jdw04YPghNxEvREoXIaK:k7KCP5tWiCpYj6/Cm04YPgvivRENL

Score

8^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab
- Size
  
  370KB
- MD5
  
  2aea3b217e6a3d08ef684594192cafc8
- SHA1
  
  3a0b855dd052b2cdc6453f6cbdb858c7b55762b0
- SHA256
  
  0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab
- SHA512
  
  ea83fcb7465e48445f2213028713c4048ac575b9c2f7458a014c495bddb280be553a22b1056284efad7dd55c2a7837096755206581c67bb0183e4ac42160011a
- SSDEEP
  
  6144:oRzMgpY8bXFHW1FbwwEHidUoagoW2C9cuqBGI4Zq6mYlG8+rNfNQFoQGt485VY:uDRbXFHW1+K2UWBGIymY/+rheFOv
Score

8^/10

persistence ransomware spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1
- Target
  
  c0cf40b8830d666a24bdd4febdc162e95aa30ed968fa3675e26ad97b2e88e03a
- Size
  
  370KB
- MD5
  
  a890e2f924dea3cb3e46a95431ffae39
- SHA1
  
  35719ee58a5771156bc956bcf1b5c54ac3391593
- SHA256
  
  c0cf40b8830d666a24bdd4febdc162e95aa30ed968fa3675e26ad97b2e88e03a
- SHA512
  
  664fb8075712912be30185d17d912dae148e778627e852affe1b1080bb9c8d5917e7b3c1d194e62ac6919c16235754f776523ba7ce95af38be86b61cc3e3d162
- SSDEEP
  
  6144:KRzMgpY8bXFHW1FbwwEHidUoagoW2C9cuqBGI4Zq6mYN8+G5l9PAzJdVeO2Ui:sDRbXFHW1+K2UWBGIymYG+i9A+ONi
Score

8^/10

persistence ransomware spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral2
- Target
  
  e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573
- Size
  
  329KB
- MD5
  
  adb5c262ca4f95fee36ae4b9b5d41d45
- SHA1
  
  cdbe420609fec04ddf3d74297fc2320b6a8a898e
- SHA256
  
  e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573
- SHA512
  
  dad3541217a7f1fde669441a3f987794ee58ae44e7899d7ed5ebdf59e8174e2924441ea8474701908071df74479a4f928b673c2d9086c67078a2a861b61ba754
- SSDEEP
  
  6144:TRzMgpY8bXFHW1FbwwEHidUoagoW2C9cuqBGI4Zq6mYN8+N6MSiF0Q5XNN:pDRbXFHW1+K2UWBGIymYG+zn
Score

8^/10

persistence ransomware spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer

behavioral3

persistenceransomwarespywarestealer