5b9b1df2edcdddc88c613abed6ffebea61aaea766649473769d501e7f5dc23cb | Triage

Resubmissions

29-04-2023 00:04

230429-acrx4sah5x 10

28-04-2023 15:19

230428-sp6wxaeh54 8

Sharing

General

Target

SIR02TEST.7z
Size

230KB
Sample

230428-sp6wxaeh54
MD5

61dc6039703d3a09efdf0c90d8e73e08
SHA1

1034712e72e527dd7a60b4ff08d5a653a3fd319d
SHA256

5b9b1df2edcdddc88c613abed6ffebea61aaea766649473769d501e7f5dc23cb
SHA512

f0a01b76ea5787eada77c1542cc63df07bfcc6d660dad1d9a6b79310f49680e88d57ef784a6e141c6364422ce6ec4132237d8885fe75e85a3cfa30100cf58be7
SSDEEP

6144:AmK8/VV0WtA33lUNYQmVKTzoC3PQDQYfzbbFln:AmKisW0UNYQoMB3P45t

Score

8^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  blackbasta.exe
- Size
  
  636KB
- MD5
  
  267d5c3137d313ce1a86c2f255a835e6
- SHA1
  
  c7a37c0edeffd23777cca44f9b49076be1bd43e6
- SHA256
  
  17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90
- SHA512
  
  9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e
- SSDEEP
  
  12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6
Score

8^/10

ransomware spyware stealer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer