General

  • Target

    b538015bcbdaa4a8997b45f88add38be

  • Size

    180KB

  • Sample

    240305-vpcdeabh5w

  • MD5

    b538015bcbdaa4a8997b45f88add38be

  • SHA1

    84842a36447d2a205d60cfa4c06fe9b6f69f2d03

  • SHA256

    189d48b6da8b247fb15f6b1021f668a8bc6739965de8dbf7cab9698478e8c2a2

  • SHA512

    02859c8cfd4cf08ebfa8440607c0b58c6b27d4c08a97ed9a81df5251ee46826a3edf137e3ec85c539ed262c39e9954a6a4b91f3ee4400017c9b054bcb5018ad3

  • SSDEEP

    1536:bIYmy/vfY+0Q1sLoCaRL5YLnQVhLZB2aBoucf09mxdGyk161KpoPvHWfkV76htLK:nhLm0LZKbf9Eykpp4ff76LLK
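
The digests above are the report's only file-level indicators, so the first thing an analyst does with a suspected copy of this sample is hash it and compare. The following script is an added example, not part of the sandbox report or of any vendor's tooling: it copies the four cryptographic digests from the report into REPORT_IOCS, hashes a file in a single streaming pass, compares case-insensitively (hashes pasted from feeds and reports vary in case and carry stray whitespace), and distinguishes a genuine mismatch from a partial match, which can only arise from a mangled indicator. The SSDEEP value is left out because fuzzy-hash comparison needs the ssdeep library; the size pre-check treats the displayed "180KB" as a rounded figure of unknown base. Function names and the command-line handling are illustrative choices of this example.

```python
"""Check a file against the hash indicators in this sandbox report.

Added example, not part of the report or of any sandbox vendor's tooling.
REPORT_IOCS is copied from the report above; the function names, the size
tolerance and the command-line handling are this example's own choices.
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, Iterator

# Indicators copied verbatim from the report. Keys are hashlib algorithm names.
REPORT_IOCS: Dict[str, str] = {
    "md5": "b538015bcbdaa4a8997b45f88add38be",
    "sha1": "84842a36447d2a205d60cfa4c06fe9b6f69f2d03",
    "sha256": "189d48b6da8b247fb15f6b1021f668a8bc6739965de8dbf7cab9698478e8c2a2",
    "sha512": "02859c8cfd4cf08ebfa8440607c0b58c6b27d4c08a97ed9a81df5251ee46826a3edf137e3ec85c539ed262c39e9954a6a4b91f3ee4400017c9b054bcb5018ad3",
}
REPORT_SIZE_KB = 180  # "180KB" as displayed by the sandbox: rounded, base unknown

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def iter_file(path: str, chunk_size: int = 1 << 20) -> Iterator[bytes]:
    """Yield a file in chunks so large samples never sit fully in memory."""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            yield chunk


def compute_digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """One pass over the data feeding every hasher; returns lowercase hex."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def size_plausible(nbytes: int, size_kb: int = REPORT_SIZE_KB) -> bool:
    """Cheap pre-check before hashing a large file.

    A displayed "180KB" may mean 180*1000 or 180*1024 bytes, rounded either
    way, so anything within 1 KB of either reading is accepted.
    """
    return abs(nbytes - size_kb * 1024) <= 1024 or abs(nbytes - size_kb * 1000) <= 1000


def match_report(digests: Dict[str, str], iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison, restricted to algorithms present on both sides.

    Hashes copied from reports and feeds differ in case and often carry stray
    whitespace, so the expected value is normalised before comparing.
    """
    return {
        algo: digests[algo] == expected.strip().lower()
        for algo, expected in iocs.items()
        if algo in digests
    }


def verify(chunks: Iterable[bytes], iocs: Dict[str, str] = REPORT_IOCS) -> str:
    """Classify the data as 'match', 'mismatch' or 'partial'.

    'partial' (some algorithms agree, others do not) cannot happen for a
    genuine copy of the sample; it almost always means a mangled indicator,
    such as a SHA1 pasted into the SHA256 field. Treat it as a data-quality
    problem, never as a match.
    """
    results = match_report(compute_digests(chunks), iocs)
    if not results:
        raise ValueError("IOC set contains no supported hash algorithms")
    if all(results.values()):
        return "match"
    if any(results.values()):
        return "partial"
    return "mismatch"


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-suspected-sample>
    path = sys.argv[1]
    if not size_plausible(os.path.getsize(path)):
        print("size differs from the report; hashing anyway")
    print(verify(iter_file(path)))
```

Run it against a quarantined copy of the file; a "partial" result means the indicator list you are holding is corrupt and should be re-fetched from the report, not that the file is a near-miss.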

Targets

    • MountLocker Ransomware

      Ransomware family first seen in late 2020; its operators threaten to leak stolen files if the ransom is not paid.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic              Technique                         ID          Count
  Defense Evasion     Hide Artifacts                    T1564       1
                        Hidden Files and Directories    T1564.001   1
  Credential Access   Unsecured Credentials             T1552       1
                        Credentials In Files            T1552.001   1
  Discovery           Query Registry                    T1012       1
                      Peripheral Device Discovery       T1120       1
                      System Information Discovery      T1082       1
  Collection          Data from Local System            T1005       1