ce5cf3b964e636d546bf2c52423296bda06b7fe47e6f8a757f165a3be93c88db | Triage

Resubmissions

03-08-2023 10:09

230803-l66h5scg59 9

03-08-2023 08:13

230803-j4rabscb95 9

03-08-2023 08:07

230803-jz65zscb64 9

Sharing

General

Target

ce5cf3b964e636d546bf2c52423296bda06b7fe47e6f8a757f165a3be93c88db
Size

6.1MB
Sample

230803-j4rabscb95
MD5

a0fea954561663f60059420e6c78fa5c
SHA1

d5d37ae269008e9bfddc171c3b05bd3d43a5cd4d
SHA256

ce5cf3b964e636d546bf2c52423296bda06b7fe47e6f8a757f165a3be93c88db
SHA512

bda26b069df556e88a763c3fc77990d13c73b2d314333db60ec8fc06091fd656c235fbd46eb8c2ea5287fcdbbb413cb3a550f2475a4ad95894a67ae5b130df50
SSDEEP

196608:iMa/eLKguAgyc2gcnhcPQwjQwX746VYx:zuAs2guc4FfNx

Score

9^/10

pyinstaller ransomware spyware stealer

Malware Config

Targets

- Target
  
  ce5cf3b964e636d546bf2c52423296bda06b7fe47e6f8a757f165a3be93c88db
- Size
  
  6.1MB
- MD5
  
  a0fea954561663f60059420e6c78fa5c
- SHA1
  
  d5d37ae269008e9bfddc171c3b05bd3d43a5cd4d
- SHA256
  
  ce5cf3b964e636d546bf2c52423296bda06b7fe47e6f8a757f165a3be93c88db
- SHA512
  
  bda26b069df556e88a763c3fc77990d13c73b2d314333db60ec8fc06091fd656c235fbd46eb8c2ea5287fcdbbb413cb3a550f2475a4ad95894a67ae5b130df50
- SSDEEP
  
  196608:iMa/eLKguAgyc2gcnhcPQwjQwX746VYx:zuAs2guc4FfNx
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2