General

  • Target

    917e60e904de5c286188692892de40704060e4e212a6b364b816e8c6cc5a805b

  • Size

    6.7MB

  • Sample

    240101-rd1p3segc2

  • MD5

    4b8c46c9da0e9e3bdb4018c1bdf068ae

  • SHA1

    aea0a83a956c374e4ff7c7fce4e0f1382b190a23

  • SHA256

    917e60e904de5c286188692892de40704060e4e212a6b364b816e8c6cc5a805b

  • SHA512

    bec7d54e197848e2ff765969849ef8264d0ca539b19610999dae33f72e1492f455ede120e06a68d20f1fa06b4b5c5a04e3b3acfc3c2e18034a7b50d389a3c6fc

  • SSDEEP

    196608:xSgWfTE2+WrXYEcuRfkJ2Z9Jq5dOYo+Xl7pY6i:xVWfTiW0BwfKk9JMo+3

Malware Config

Targets

    • Target

      917e60e904de5c286188692892de40704060e4e212a6b364b816e8c6cc5a805b

    • Size

      6.7MB

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (297) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and given a new extension.

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Target

      Main.pyc

    • Size

      12KB

    • MD5

      602f70623e4648723a1ea230f053a1bf

    • SHA1

      e1e0ca9fdacfdf1c5aa520393fe1f549ffed3369

    • SHA256

      c6fe5ce41c02038586c776813b53d2400142f98c4370e1e04a67cac8b5d38cca

    • SHA512

      aa41fab6724d7366edab4925dda39aac806475d9763964d94852be532bde309ab85b50f8e38ea73df9d238ba3383aa2ab0f1f2517f15d5828a5c1c19790555d2

    • SSDEEP

      192:cM/H7S3jxNpK5Wal7AKm3G2SJD7hCUGeA/9y/dvh2O8m5PHoL:ceH7YYQWp5Aem9wdU5

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks