25b893a98ec19619c227699b54a71ad99230350a01173fc7a8364fdcbe84e67b | Triage

Submit
Reports

Overview

overview

Static

static

1

additional...es.jar

windows10-2004-x64

Sharing

General

Target

additionallibraries.jar
Size

106KB
Sample

240406-b1kpdagf51
MD5

d58652cf75e6e4fcbbdbacd86dffc5f0
SHA1

e33e3c4483f7db120fb7b74f192f168a2fea2000
SHA256

25b893a98ec19619c227699b54a71ad99230350a01173fc7a8364fdcbe84e67b
SHA512

2582e03a54137072ac896af0c2e1aabff961c552e613e00b45c8aeb674c5491ae66993eaf18ad8bce854ef0a084cb8bae41388714397b559d01768251e85590d
SSDEEP

3072:z7P+SAygBvkDssqVNJk7dXJmuIYS1kTF5vsXbIBCj:nP+SsBvkuAXJdNJJCbIMj

Score

10^/10

ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

additionallibraries.jar

Resource

win10v2004-20240226-en

ransomware spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://i.imgur.com/3rXsvma.png

Targets

- Target
  
  additionallibraries.jar
- Size
  
  106KB
- MD5
  
  d58652cf75e6e4fcbbdbacd86dffc5f0
- SHA1
  
  e33e3c4483f7db120fb7b74f192f168a2fea2000
- SHA256
  
  25b893a98ec19619c227699b54a71ad99230350a01173fc7a8364fdcbe84e67b
- SHA512
  
  2582e03a54137072ac896af0c2e1aabff961c552e613e00b45c8aeb674c5491ae66993eaf18ad8bce854ef0a084cb8bae41388714397b559d01768251e85590d
- SSDEEP
  
  3072:z7P+SAygBvkDssqVNJk7dXJmuIYS1kTF5vsXbIBCj:nP+SsBvkuAXJdNJJCbIMj
Score

10^/10

ransomware spyware stealer
- Renames multiple (115) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

ransomwarespywarestealer

© 2018-2024

Terms | Privacy