afa6503c9de3f2f6995fdfd357d4ec8781045f78245ed3877a48f35a39e9adb0 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

sample.exe

windows7-x64

9

sample.exe

windows10-2004-x64

9

Sharing

General

Target

ad328952c84a602fff1affae679f1a5edcd9b481e752c9963fdb23c2ee6a5d68.bin.sample.gz
Size

76KB
Sample

231022-s1dphaad3x
MD5

b6d65012eeade920e967b58bb51a2e92
SHA1

f8e9f13ab9221b9c933bd8ec69543e1248a465ef
SHA256

afa6503c9de3f2f6995fdfd357d4ec8781045f78245ed3877a48f35a39e9adb0
SHA512

c9f646ca3f8287f29026ccd8c85aca681fda31e4c17780d5f46b88edfcf6cd7c6299324d4e060decdde347f4213e2124390730735150b34fd4f987783e47db43
SSDEEP

1536:yMcEoQSn76E9ynOBzfJj0zMaJ5xKsZ8HJTjpffTMbxtkMi6e1thzJ3:5cEoQ+6EInq7JAPjgO8FjpTMbxSTrhZ

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7-20231020-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v2004-20231020-en

ransomware spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  138KB
- MD5
  
  29cd4e58fa0e2eb5fe000153fccbeaa4
- SHA1
  
  6eb4bde6dd030a02800be2d374087b23aecd2503
- SHA256
  
  ad328952c84a602fff1affae679f1a5edcd9b481e752c9963fdb23c2ee6a5d68
- SHA512
  
  1843d3d221f82830a246f4ca6f118ee4e67654bc852674b62dcd3b8381697c0d945e6e01ac43d6b27e2f72059cf05c692148e7b9aa5ba9c5630dc403d35dbb75
- SSDEEP
  
  3072:/Pgv1uTga8za7/aApO6fCR6kMglPTX8jI8VD/dJJO04aN5uvvmRE7xIxT62Bb09Q:HKNTMPVDdzR1N5sAxJN9dRd
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (6286) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (9900) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

ransomwarespywarestealer

© 2018-2024

Terms | Privacy