Extracted

Extracted

• • Target

    gorilla-tag-monke

  • Size

    156KB

  • MD5

    c90731af4650b56d9e83b9b3628b1017

  • SHA1

    0793b17f8c0376261c75a042f81757d64860d56c

  • SHA256

    1f55ed37f443441f832854493f3b658cd955e0abcc855e45bc950c80224c3b67

  • SHA512

    67f1b66dd2729f7ec88bee53b7c80b6323354a42f1f2bbb79a03d2652d5f8232f906994d6df2a981cdf894d493ad8e8ab967c20f66be621d4c08e666bd83bdd3

  • SSDEEP

    1536:BUvTJMcdX5G8oz66l3gT3eWr2Y+NXdBAC7ho9kLfnYXTlGykh3u9kV/tWGzjy0EY:EJTzeLgERGKt0csjFh1+6Di

  Score

  10^/10

  troldeshwannacryaspackv2persistenceransomwarespywarestealertrojanupxworm

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Downloads MZ/PE file

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1