General

  • Target

    89e77fbc40fbec8634e14735b73e1e8b

  • Size

    83KB

  • Sample

    240202-s5dv3abhbk

  • MD5

    89e77fbc40fbec8634e14735b73e1e8b

  • SHA1

    833244644c24a547a9ffbd97f03f95d55596545d

  • SHA256

    13d6b68b492666ff031247eb3643f299c530455b5547e31b5d4525ede113038d

  • SHA512

    75d000ef3f07872e7953617f1951a92e0436291a4521581518b7538be2465b582dc530ae8c28c059d864495aacaab462f8ef46a72d6ca1c89c3493d0b57fa120

  • SSDEEP

    1536:hy+53F5HIbVSo2Zm7c660mowS/Ia20GCwkeX7OvHLDUujVT:4+5V5oYo2E7h6bBSQaLwkeXSPbVT

Malware Config

Targets

    • Renames multiple (219) files with added filename extension

      This suggests ransomware activity: the sample appears to encrypt files across the system.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks