234884cbeb0c6432fecf9d0d621c0ee05e74891cb6c565358141139e5f23797d | Triage

Sharing

General

Target

imapsync.exe
Size

23.6MB
Sample

240328-rx4k3shf36
MD5

d7721d69a0a97dfa168e04dfca3ca5bd
SHA1

3bbfb8b7d90e5170fd91349f2ba103a14be15925
SHA256

234884cbeb0c6432fecf9d0d621c0ee05e74891cb6c565358141139e5f23797d
SHA512

e51aa1e923bd34ef86d0ee1b685702b88e292783ca53b989f2548cde5219a3dfef4b74b638e7c8789adc07e262c86b39d9f8c4e431ee403d308f0afc4c293ec8
SSDEEP

393216:XpfTNu9QjzdPVwW1CPwDv3uFi0Fk71xBYabp61:XprM9QlPs

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  imapsync.exe
- Size
  
  23.6MB
- MD5
  
  d7721d69a0a97dfa168e04dfca3ca5bd
- SHA1
  
  3bbfb8b7d90e5170fd91349f2ba103a14be15925
- SHA256
  
  234884cbeb0c6432fecf9d0d621c0ee05e74891cb6c565358141139e5f23797d
- SHA512
  
  e51aa1e923bd34ef86d0ee1b685702b88e292783ca53b989f2548cde5219a3dfef4b74b638e7c8789adc07e262c86b39d9f8c4e431ee403d308f0afc4c293ec8
- SSDEEP
  
  393216:XpfTNu9QjzdPVwW1CPwDv3uFi0Fk71xBYabp61:XprM9QlPs
Score

9^/10

ransomware
- Renames multiple (56) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2