86b9220da50fbb87dfb8d48d5c582a66c1c812b19d20f908a43f236d7259f2b4 | Triage

Sharing

General

Target

Crypter.exe
Size

11.1MB
Sample

230802-nnnaysed75
MD5

ea7d34e12ae28991aaf7705822e17504
SHA1

1eb54421b7cfa3be517615a1ba6c1ded7dc9d28a
SHA256

86b9220da50fbb87dfb8d48d5c582a66c1c812b19d20f908a43f236d7259f2b4
SHA512

b2bac47d007f3903c6860b318f617a00a69d4c86cdaedbf4a1cb88cbaa4bf862f771258f131894388910af18a17ee089360653fdf7b51baaf4edc74763b98d87
SSDEEP

196608:f+gmbNoP1HOXfZ8bntIsKGa2KOZo45AB+cQN63GcwFC5cMMmj:fumP1IR8Jra27ZoAc+cQN63GUR

Score

9^/10

evasion persistence pyinstaller ransomware spyware stealer

Malware Config

Targets

- Target
  
  Crypter.exe
- Size
  
  11.1MB
- MD5
  
  ea7d34e12ae28991aaf7705822e17504
- SHA1
  
  1eb54421b7cfa3be517615a1ba6c1ded7dc9d28a
- SHA256
  
  86b9220da50fbb87dfb8d48d5c582a66c1c812b19d20f908a43f236d7259f2b4
- SHA512
  
  b2bac47d007f3903c6860b318f617a00a69d4c86cdaedbf4a1cb88cbaa4bf862f771258f131894388910af18a17ee089360653fdf7b51baaf4edc74763b98d87
- SSDEEP
  
  196608:f+gmbNoP1HOXfZ8bntIsKGa2KOZo45AB+cQN63GcwFC5cMMmj:fumP1IR8Jra27ZoAc+cQN63GUR
Score

9^/10

evasion persistence spyware stealer ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistenceransomwarespywarestealer