General

  • Target: 9207564703.zip

  • Size: 91KB

  • Sample: 230221-n2e7hage7x

  • MD5: 8a17c0c50660056bce6a0292d302ebbe

  • SHA1: 57a42db01fd1ad220012f3bcb824181b1b275ce6

  • SHA256: b228112ad5e00b19feb03dfebf42006e529496d4f2795d078ab97b4009e804a9

  • SHA512: 4671d339fd27c2a37a8e5e9f46e7101e18f695de66c5a8b5d1d017564e0e38ae2603334467398a3f95737e8733f8417300f07da306dc2385355980d61c14a273

  • SSDEEP: 1536:mgELMGLrGBqoBZw3SIxu17trKXJKoXQDLfKrSQq38tNB3fKzU36AoWPx9a:ZEQGLrGtuSIs17hKXrAKGQZbBvKzUqGq

Malware Config

Targets

    • Target: 1e5ea7dca626a9774d1ccecfaf7656988e4a09c4203c022f547a2d6b5210edc8

    • Size: 4.1MB

    • MD5: 1e3b53683021507660b4cfb6689661ad

    • SHA1: 45ccea9bcf255129b73ea430e510f8fee5ef9f47

    • SHA256: 1e5ea7dca626a9774d1ccecfaf7656988e4a09c4203c022f547a2d6b5210edc8

    • SHA512: 7689aec118efc71d032525758bd84381c762f6dcd9dd577427ce6ca0d9c552401de94ac87ec20f3f5caa8688f9b97581f0659da814d3100e37648f14fb764167

    • SSDEEP: 3072:4SmTze9Z6jMieyOksVnqZ2YjKyWPxWr5t9IAYYRIeboQ3hVoXZKqkrNCiY8JHvNt:4SQzQo6ZWr5l1b/3hVC24qV

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks