Overview

overview

10

Static

static

10

c63e304ea9...7e.exe

windows7-x64

9

c63e304ea9...7e.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c63e304ea96adc65f092324050e7f17d2a620cc432959e14465383fffde3537e.exe

  • Size

    7.4MB

  • Sample

    240320-c42mqseh38

  • MD5

    10c668fb3a7ecc9ab7eb952a14e96c36

  • SHA1

    6fd090c283efc2aee5a69eea90214f9083fd982c

  • SHA256

    c63e304ea96adc65f092324050e7f17d2a620cc432959e14465383fffde3537e

  • SHA512

    339099ee67107b0f2a8975dae917e79ba7de5f29a7d59aaba6d9e2f8ff7e24dfd363bab8fb3884d253c3e33aea7bcf639a5dc2d0a0aa26e871c0c79cad4b358f

  • SSDEEP

    98304:/KNyzHp7gBN3SE+i7DLAiMBl4uEWm2y7woefLNzn:iEbp7gBNP+mMBo33MoWLN

Score
10/10
ransomware

Malware Config

Targets

    • Target

      c63e304ea96adc65f092324050e7f17d2a620cc432959e14465383fffde3537e.exe

    • Size

      7.4MB

    • MD5

      10c668fb3a7ecc9ab7eb952a14e96c36

    • SHA1

      6fd090c283efc2aee5a69eea90214f9083fd982c

    • SHA256

      c63e304ea96adc65f092324050e7f17d2a620cc432959e14465383fffde3537e

    • SHA512

      339099ee67107b0f2a8975dae917e79ba7de5f29a7d59aaba6d9e2f8ff7e24dfd363bab8fb3884d253c3e33aea7bcf639a5dc2d0a0aa26e871c0c79cad4b358f

    • SSDEEP

      98304:/KNyzHp7gBN3SE+i7DLAiMBl4uEWm2y7woefLNzn:iEbp7gBNP+mMBo33MoWLN

    Score
    9/10
    ransomware

    • Renames multiple (96) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks