Overview

overview

10

Static

static

10

fda16dd1b5...a7.exe

windows7-x64

9

fda16dd1b5...a7.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9003711726.zip

  • Size

    3.2MB

  • Sample

    230206-scf5qaee38

  • MD5

    4617b9d634b7a6d6c05837e50f1f9398

  • SHA1

    0f3a3af4b8dc4b332b0b1988077c52b4e56e1a24

  • SHA256

    0e1764a83668825f870143b5af13d9cc12bc55f3f264efe7bee4401b6133de83

  • SHA512

    05836822b85c2c886e51011803cd353fd8936b7ccf6a4392f2c22d311fa8f79c8b6bf5f0d96690160f670d5e55c44b8c2fa0148e25daba2603efbcf2f4f2dd96

  • SSDEEP

    98304:i7nyyVUBXI/NZqCwWC5pdq0D/C3a2QVLdCDe:0UICCy5pdqy/CgCDe

Score
10/10
blackbastablackmatterransomwarespywarestealer

Malware Config

Targets

    • Target

      fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7

    • Size

      10.6MB

    • MD5

      9b0dbfe3b3e7cec4faa029e5197730ca

    • SHA1

      9f7bb1ebfe4e69f817dc2bcf8613297ea84884ae

    • SHA256

      fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7

    • SHA512

      3a3e741d302f1adeb0362e6d08a76279e60a91cc90ae4b8f6662236b4b572614ce8b5c2fed720af6f92243d30c1afc5d0640c22956dd149d97ee91d3e4e4c25f

    • SSDEEP

      98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05QP:+TRtBYk405QP

    Score
    9/10
    ransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks