bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b | Triage

Submit
Reports

Overview

overview

9

Static

static

1

bbdac308d2...4b.exe

windows7-x64

9

bbdac308d2...4b.exe

windows10-2004-x64

9

Sharing

General

Target

bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
Size

720KB
Sample

230329-x5hapsbc7s
MD5

163e651162f292028ca9a8d7f1ed7340
SHA1

a85ff9091f298ea2d6823a7b0053daa08b237423
SHA256

bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b
SHA512

f1cd02b07219d40d489b8000a92e20fca0c3e536a7dde25b98b7be0ce54a46349dcea9e66bef8f7fbd895ce7e5b22e3f3a46fbb9c7dcea4185b3937384f1649f
SSDEEP

12288:A+2ZzbQ32UC1pC0q1oJn2OR9YA/SnHaetVkiIGjltRztp:A+4OECVCn2OR9r/kaetNIOtZ

Score

9^/10

ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe

Resource

win7-20230220-en

ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe

Resource

win10v2004-20230220-en

ransomware spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
- Size
  
  720KB
- MD5
  
  163e651162f292028ca9a8d7f1ed7340
- SHA1
  
  a85ff9091f298ea2d6823a7b0053daa08b237423
- SHA256
  
  bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b
- SHA512
  
  f1cd02b07219d40d489b8000a92e20fca0c3e536a7dde25b98b7be0ce54a46349dcea9e66bef8f7fbd895ce7e5b22e3f3a46fbb9c7dcea4185b3937384f1649f
- SSDEEP
  
  12288:A+2ZzbQ32UC1pC0q1oJn2OR9YA/SnHaetVkiIGjltRztp:A+4OECVCn2OR9r/kaetNIOtZ
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2024

Terms | Privacy