Resubmissions

17-04-2023 22:18

230417-176ymagc84 9

17-04-2023 18:30

230417-w5yf9afe97 9

General

  • Target

    c3fb821138d38ef9a2b0c77a4a3572ca38499b2dac3530c4a5faf2f789d57fc1.zip

  • Size

    246KB

  • Sample

    230417-w5yf9afe97

  • MD5

    5411b6db3178c3bd38648b4f0c5d356e

  • SHA1

    9f9c83746c97725813d71591e37dc99488c6855b

  • SHA256

    1f5f5988cfc776f3724171a65bf8bc51dc44884daae3bd90e94022cbb27875bf

  • SHA512

    53b83b02a959a89c3a2b00a739fa990d3bef6ac99f83d708c1cf7bd630cee8fd29e74aae48a5bd78dc8b0fbde5e128ff24db08175e34871d0f401d96590231ae

  • SSDEEP

    6144:bIPW7E5Il5D6ljDxiwzEpYwoZ+O9g+Z6eQerb:bIyilXxiARvZ+Mg+Z6HU

Malware Config

Targets

    • Target

      c3fb821138d38ef9a2b0c77a4a3572ca38499b2dac3530c4a5faf2f789d57fc1.exe

    • Size

      911KB

    • MD5

      728eaa91a4c3490b977370c86afcf3a6

    • SHA1

      aaa32b7462f838a53e2966a308f4ce2a298211ff

    • SHA256

      c3fb821138d38ef9a2b0c77a4a3572ca38499b2dac3530c4a5faf2f789d57fc1

    • SHA512

      77cfdf44235c1d44da3f2550fdf2e720a6cdea6bed7faaf55e55c8c5fe5e4abcb03f55a35175633a532051f1b68bd790cfabffece844f31db8b6abd9bd2371b3

    • SSDEEP

      12288:s07Fv5p+s9GIOiiGuu2NERWwjcgimpDLjNmS0fvxc38/YAX1:B5KsbWwjcgimNLRmS0f5U1AF

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks