General

  • Target: fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869
  • Size: 732KB
  • Sample: 240326-e2e23ach97
  • MD5: 579f0a2740ffc2304c75ebebe47c29a7
  • SHA1: 424d6b1ac5ca3f45e794ed04e13280b3f32b8319
  • SHA256: fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869
  • SHA512: 38777997a1a9f656bd422151a5e04817c8423a0be26490891adc462e1f05163e9204a6cfbe847312355ba1323ed78aad657b41af86fb4077dfc98f5246add64b
  • SSDEEP: 3072:SNLJAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:SN6VdRQ/vqkg1gEagdgH

Malware Config

Targets

    • Renames multiple (730) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar artifacts.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Collection

  • Data from Local System (T1005): 1

Tasks