b620fe3c4475b1e66a363f32a02402ddbf8b704c1d5b57cd33c2faf9d113c9c8 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

c5ef104253...bb.exe

windows7-x64

8

c5ef104253...bb.exe

windows10-2004-x64

8

Sharing

General

Target

c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.zip
Size

92KB
Sample

230321-rxk4qsdb7w
MD5

d89cd901e0c6cb8f91e28fb7a0a1557b
SHA1

da2a161b09ce2c3289f8175dc13f699e1d9630c2
SHA256

b620fe3c4475b1e66a363f32a02402ddbf8b704c1d5b57cd33c2faf9d113c9c8
SHA512

920a90bf8402d50d7f70e928c238c20ac74292b27fdb8c166e67eea057c9dfbdd67c07ba4cd91e28cd71b1bdf6cda326acd5914ed8cd1bebae8db8b6229dbfd3
SSDEEP

1536:LJF2PLzFti58iLhmU36lNu+auN0TNf2fykGkdwzBMuUU+b0Ajy5O+Am00O5lCHXo:VqPi58iASqN0TNfGykfyDb+Yd5OBm00w

Score

8^/10

ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.exe

Resource

win7-20230220-en

ransomware spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.exe

Resource

win10v2004-20230220-en

ransomware spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.exe
- Size
  
  210KB
- MD5
  
  f486b69dc261cbf3ffac231324015ebb
- SHA1
  
  ee1fc0b7350559fac9c23f7d832bdf2760e80b03
- SHA256
  
  c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb
- SHA512
  
  16a1d8c6a371506525c488355e799b2fd04173a4dd6e771e1fcddb380d8a4d16f1f5bd310858f3f151a9c860c3636712a63b536ca55bc2b63f03263f4e50f12b
- SSDEEP
  
  3072:QV+V98GoDHlXb6hyhwOfFAc/ZICFzhb9wl/mjF5I6yAJKybo:LVPo76y5NAcB5x9wk1VJKybo
Score

8^/10

ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy