General

  • Target: 98a0648c100d8b13b15302a36d44f0b0.bin
  • Size: 227KB
  • Sample: 230528-b57dyadg98
  • MD5: e97874478cd0c540efa29d92c5da62a9
  • SHA1: 8482a5ead9fdb399b132f552f2ec1f6292e9bd5d
  • SHA256: 7e10e2896793a80c732bcbe8dd8c7741434f5e89dde396379d8c98c6586ca817
  • SHA512: 28617c60c648d5399645742ac5b8fa922f606eb26cbdfb72c1c696f2cd7dc5ded783425ba883ffca9d40888ceb5cf42cd004f84dc80f6fea404bb958479f5c7d
  • SSDEEP: 6144:DxLWLCS6m5k3eSrvOzfvEFpy1rxhuxicY0SEo/f:1Wp5gr2fvEFpkrxhai5f

Targets

    • Target: ad0c0b6b81da28344e8444989150b63dc8b21fc88bd0b56fb5b3f7ff233ea810.exe
    • Size: 372KB
    • MD5: 98a0648c100d8b13b15302a36d44f0b0
    • SHA1: df228d2c11e1bd4815901c33b005cd1e8d3fae7e
    • SHA256: ad0c0b6b81da28344e8444989150b63dc8b21fc88bd0b56fb5b3f7ff233ea810
    • SHA512: 40c1cb44ec29552c9f6e400ef2686c8cb290ac1fe2047ed7c8129d0cd398ed758d8b711c3f24b98b50190b29fa41e9b564d0b401ef0acd9f20756571c9b60dc1
    • SSDEEP: 6144:k9O7z0c1gnBs3zybldea4tcSDALykmjD8mkrh3xAJJ6Jc2cT1kA:+c1QB4z64ZtT8Ok0urh3CJea

    • Modifies extensions of user files
      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6