meow | 9f6a6b42048b12c0252a242af4fbe3a0627095d947b66029ba5f12a9c0a71050 | Triage

Submit
Reports

Overview

overview

Static

static

3

f0fe71d1fe...40.exe

windows7-x64

f0fe71d1fe...40.exe

windows10-2004-x64

Sharing

General

Target

meow_crypter_exe_13030196254.zip
Size

95KB
Sample

231117-gk8n6afh47
MD5

2cfa1249453b132492477432e30e130f
SHA1

fd98c5bab24b2f37a048dcfc14fed102fedb50eb
SHA256

9f6a6b42048b12c0252a242af4fbe3a0627095d947b66029ba5f12a9c0a71050
SHA512

529af45252ad2d99236696bd3c87e3ad51797f1d0e2e4c4c6b35a7c3a0f57ac89f167c400cbd35db5686aa4f6ff8f361cbca2156d43465ea225e1feb75e33f80
SSDEEP

1536:y2b7o/fwZ1LBJki3zUNaO6TyDBaVKMRvpvXBgyHyE9aHfbDLfIWDjRk0ZS0LJQrA:W/fEdywzUIWJMf6yHyEK9k0Z5mNne

Score

10^/10

meow ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0fe71d1fe03e611fc151c6c1e94f00d7d17860b13fecce45084c62c1d619d40.exe

Resource

win7-20231020-en

meow ransomware spyware stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

f0fe71d1fe03e611fc151c6c1e94f00d7d17860b13fecce45084c62c1d619d40.exe

Resource

win10v2004-20231023-en

meow ransomware spyware stealer

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  f0fe71d1fe03e611fc151c6c1e94f00d7d17860b13fecce45084c62c1d619d40
- Size
  
  225KB
- MD5
  
  a03ccf5c66c1cc04263d94931b0764d8
- SHA1
  
  9ad5475555dd14f2109998eabcfe412d28ff6449
- SHA256
  
  f0fe71d1fe03e611fc151c6c1e94f00d7d17860b13fecce45084c62c1d619d40
- SHA512
  
  4fc507e9628c9640a3e87ed8aa5a39bfd07faefee1246cf3821b1a6314224cc7e24cbcd0a10a57fd990e114ceeada6ec2b069620ea604b8cdd0afac25d5b12e1
- SSDEEP
  
  3072:HrQCEI+T7gupEypsbBQeUHhBmmJAlUvuEY5KF5IXjs+Xbo:8CEI+THErQeKmmyl95dwGbo
Score

10^/10

meow ransomware spyware stealer
- Meow
  A ransomware that wipes unsecured databases first seen in Mid 2020.
  ransomware meow
- Renames multiple (7142) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (7971) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

meowransomwarespywarestealer

behavioral2

meowransomwarespywarestealer

© 2018-2024

Terms | Privacy