7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c.exe
Size

894KB
Sample

231120-22txjsag24
MD5

ec8fef72a73ff94440235fc1b3f3f690
SHA1

e651cd12a2493b9c2d7ebd8287a2fd29b8f4cd9c
SHA256

7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c
SHA512

b62f2f518f4ed3d74d96551a8c7431d50bd3349221b4b01dded18a270cbdbd1441f13f3eef7a6cc0db4aad200f1cf2babeb8e937edf8827faa7a03e4b59a35f2
SSDEEP

12288:d31hZus7pQqiiyuuFuawu2zhjWBv4+1FMUUfW75CXQKXTZ1VG:1r1S+NjWx4+1SWV6Q4n

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c.exe
- Size
  
  894KB
- MD5
  
  ec8fef72a73ff94440235fc1b3f3f690
- SHA1
  
  e651cd12a2493b9c2d7ebd8287a2fd29b8f4cd9c
- SHA256
  
  7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c
- SHA512
  
  b62f2f518f4ed3d74d96551a8c7431d50bd3349221b4b01dded18a270cbdbd1441f13f3eef7a6cc0db4aad200f1cf2babeb8e937edf8827faa7a03e4b59a35f2
- SSDEEP
  
  12288:d31hZus7pQqiiyuuFuawu2zhjWBv4+1FMUUfW75CXQKXTZ1VG:1r1S+NjWx4+1SWV6Q4n
Score

9^/10

persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (10464) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (9565) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer