General

  • Target

    7c055e203155b749a047987736400bfc.bin

  • Size

    77KB

  • Sample

    230918-ca8h7agf23

  • MD5

    8252be56ede4b851b3d86ac47d048883

  • SHA1

    0cb8a4b1e4d6a6501eb122c1b10a3623b71ef0cc

  • SHA256

    a18009600efc1859dd0116564bed3888d21fb9290d7298a093d747b621427da3

  • SHA512

    66c0d8ce169077b98e285ced3a30ce68471f1133616d21944e94caf5ba3fd9e4c4ac7004180aff8836d3d4f7d5565f2a0495c8dee862d662311620932ce47231

  • SSDEEP

    1536:Xwmd24i5elXdxirTa8tm+aO8BKX3QlXY/gLKI0ccCgtqqbSEgJDkL:Xbd5i5elXdx0Tab+amnQRYoT0ccCgtqc

Malware Config

Targets

    • Target

      60c24a4c6b54b1f4baeaee585e5e2486bbd3ab4733de36bb28da1fdb20596e21.exe

    • Size

      138KB

    • MD5

      7c055e203155b749a047987736400bfc

    • SHA1

      17f48b45920e1f3e6581e60b0ed346b5770e8363

    • SHA256

      60c24a4c6b54b1f4baeaee585e5e2486bbd3ab4733de36bb28da1fdb20596e21

    • SHA512

      8bccbac3f0e761ef19c7a97e7474ac9dc68ac58d4bdfbe095a4778400d2655b2a98d70c301c47f7cb072e77b3e3fde07a0c9a39c151908be5f7c47e1d5f24cb7

    • SSDEEP

      3072:UPgv1uTga8za7/aApO6fCR6kMgNjTX8jI8VD/dJJO04aN5uvvmRE7xIxT62Br09Q:oKZTMPVDdzR1N5sAxBN9dRd

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (10758) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Renames multiple (9343) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks