Resubmissions

11/06/2023, 20:03

230611-ysw4rsae8y 7

11/06/2023, 00:54

230611-a87nfagh51 9

General

  • Target

    winordie.exe

  • Size

    15.8MB

  • Sample

    230611-a87nfagh51

  • MD5

    d2bb70e420450f0e823d3d8bbf769aa5

  • SHA1

    56c739c83e4bc13e585c6916b7597b5e4b870242

  • SHA256

    594acbaaab5d0bcdaca4525de83177b5b9ea57c7b231d61f9c1ad7b02beb85c7

  • SHA512

    5f7a82a4640189c5983ec9356fd3f5c60dde700c7a91bb82c02c912d09899cecb33679186d5da05c1745d375728cc86d5cd8b016e6fde8a1d8a4e039f289e28b

  • SSDEEP

    393216:L7Y2ayxDfDllpfaMPXaw2mW8a82FdtAPtUP:3Y2dbhHf9Pj2mW8aNIq

Malware Config

Targets

    • Target

      winordie.exe

    • Renames multiple (2756) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks