Extracted

• • Target

    9ed9ed487238d528d158d25f1a6189aa9fbe37f5bba5e40e033e0b0a786119d5

  • Size

    298KB

  • MD5

    40cb01660e4b45213c35e997b94238a0

  • SHA1

    8a1f0f62eede7cd183158567f9b78384074f5fed

  • SHA256

    9ed9ed487238d528d158d25f1a6189aa9fbe37f5bba5e40e033e0b0a786119d5

  • SHA512

    305cedfe911fc108c33310a9954c368d9f3583f275d8cc002473bbb47294d7171b10854e2f513c589c4d17197e39dadcfc11c19bf9cf5573747651fefe5fd4e4

  • SSDEEP

    6144:fMjokASLOMN9/wJP96/jdLnCd4C0+7s0Vlm2QV7wcNTLysyTXLI/dc46xPy3cYsF:nkAqOi94x96Rjw4C02silwNTLxyTX01a

  Score

  10^/10

  crypvaultponycollectiondiscoveryevasionransomwareratspywarestealer

  • CrypVault

    Ransomware family which makes encrypted files look like they have been quarantined by AV.

    ransomwarecrypvault

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2