meow

General

Target

8621688782.zip
Size

127KB
Sample

230104-d55lfsha41
MD5

80637ef09441d910ae7bdda488eb9989
SHA1

638e3ca8c66e218a3bdc666d52c2a91a116b60d7
SHA256

3354eb021b78cf44f76a51fb31d640e6afd1c00812a14bc7e78b80998398ad8f
SHA512

6eaf087c0dc07e64408cb3545bc7533bc885eb475e773dffcbad6a40333cd2a81913d93cdd99ab9887ae604de20983420f2b95d54b9ba6ebda29ec5e7d334ae0
SSDEEP

3072:Nxixi1bZ6T9xBXn60Ce4vmfOE6QF0oPuORAVu2l9zYIDPT3n:ixz/FnHRKjCx2l9EITT3

Score

10^/10

Malware Config

Extracted

Path

C:\readme.txt

Family

meow

Ransom Note

MEOW! MEOW! MEOW! Your files has been encrypted! Need decrypt? Write to e-mail: meowcorp2022@aol.com meowcorp2022@proton.me meowcorp@msgsafe.io meowcorp@onionmail.org or Telegram: @meowcorp2022 @meowcorp123 Uniq ID: 4d2942e6-49a6-410b-9a09-a02423f53e1c��

Emails

meowcorp2022@aol.com

meowcorp2022@proton.me

meowcorp@msgsafe.io

meowcorp@onionmail.org

Targets

- Target
  
  222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853
- Size
  
  224KB
- MD5
  
  033acf3b0f699a39becdc71d3e2dddcc
- SHA1
  
  5949c404aee552fc8ce29e3bf77bd08e54d37c59
- SHA256
  
  222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853
- SHA512
  
  604ba9e02ec18b8ad1005ec3d86970261925a1d2c198a975387beb62a9711012733b92e7641a5687af835cf1ddb5b6c6d732b33a12387a3a293ca08929f7fb50
- SSDEEP
  
  3072:xtsD+K6k7UXP6ih6XULC9GHJkmm8GxTyPGryXdEekUuIiMi:4D+33P6Y6XGpY8G5yore3u5Mi
Score

10^/10

meow ransomware spyware stealer
- Meow
  A ransomware that wipes unsecured databases first seen in Mid 2020.
  ransomware meow
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec
- Size
  
  71KB
- MD5
  
  0bbb9b0d573a9c6027ca7e0b1f5478bf
- SHA1
  
  59e756e0da6a82a0f9046a3538d507c75eb95252
- SHA256
  
  b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec
- SHA512
  
  69e35a67c1d714a2b3db1ddaa3aef8accbf1c867a2de8c27b3488f77055947d954d4b6a8c62e59f7a835fad8e8148a2a4e744090889fc6d5cc18da5aa7a1c032
- SSDEEP
  
  1536:G+5geBR2Q+a8M124Zl2i5SADBDg8trv4t9MBY5yMv:GDeBgQ+a8M12Y2i59hrvWMBIv
Score

8^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies extensions of user files

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Modifies extensions of user files

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4