Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9

  • Size

    2.1MB

  • MD5

    e4bf35b81bfaa0e789ad9461dbacb542

  • SHA1

    dcf7b855b2c3516a6b88a410ef5b44a2c650f62d

  • SHA256

    04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9

  • SHA512

    6635342515a01acde48792cb362dc9e5bd7ffc4fe6a9b8b2fdb0d6c8758d79db847daf28e2fe700a898425214d95d2707337c900c695a47cfd9dada946adf64d

  • SSDEEP

    49152:Iw80cTsjkWanAlfiebWlHcA+G6HYaqK3hUQrObmyPYjR+:Z8sjkrgWezG6lh73jR+

  Score

  10^/10

  collectionpersistenceransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1

• • Target

    0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507

  • Size

    2.9MB

  • MD5

    ec2a8d8f7853397f86a4c96fdbe01b19

  • SHA1

    daaeb314219acb7f10268512c8358a6941d53da3

  • SHA256

    0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507

  • SHA512

    f75ee827b41ff1783208f3116130b8c29c958059f589b8df4d423896bafa24f4aae5a19a990271a2caf98880772b23ad719c7c141b8e1ea6f0e1eda58f0a4e68

  • SSDEEP

    49152:yKRy/NLHsvdoewagi6rndXTrKdRRzsdydWLToel51txKRy/N:yKRshsdo/PrndXTrKdRRwZLJl3KRs

  Score

  4^/10
  behavioral2

• • Target

    1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9

  • Size

    5.3MB

  • MD5

    393247c068ff136a28c6ef99a0e004ad

  • SHA1

    d1acbc1d3f796745de7fdb65fe290f2876bf38cd

  • SHA256

    1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9

  • SHA512

    6bd2bf2f9c1e89e77d4365c73cb9e13782b2055dd7e5b6d54bc45265349e8d569fe7036c99f582ee47d9d6b8a41bc8eb02524baba8ed9c7d69975c27169b5afe

  • SSDEEP

    98304:Puzw2CTViOip5X+MHsMgBXN2/H4QJP6u822wpXJun9TLrynQnI1:PuzITVb0OysM49vgPCMJwHy/

  Score

  7^/10

  vmprotect

  • Loads dropped DLL

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  behavioral3

• • Target

    30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49

  • Size

    1.2MB

  • MD5

    9d43722941309d477e25b7d48b085d00

  • SHA1

    79793205208d8679b1d1dfe06475a4e52c8b1846

  • SHA256

    30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49

  • SHA512

    7f2e8a7c38776c1b3c2898b9c7367f51060b4a6ca1385314fd2da417cfe2d18a84f6891dfe18ef28e477037ed84eb2fbbecbeef294751cff0de52ea6c9566efd

  • SSDEEP

    24576:K6FBigVov3pjeA+07ASgSl+YYxJuWMvV36/K+VLebSKLvBTyPj+dyqG2W0b1:7Bi53w3eqi+mfJujkyqG29x

  Score

  9^/10

  evasionransomwarespywarestealer

  • Renames multiple (683) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops file in Drivers directory

  • Manipulates Digital Signatures

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral4

• • Target

    335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf

  • Size

    3.7MB

  • MD5

    9c7e90d7637277bb4f4985405eb0ace9

  • SHA1

    5b0899d790eb4a37260e5d9b8a2ad3f2ada55b1d

  • SHA256

    335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf

  • SHA512

    7b57021edfa1108558c2d02df0600de55fd9338dfebc044c03dc677072975acc216a0374cff270d9d75f20e5b92b252f75b2ad3b94f603e7a09f69c14ca888d9

  • SSDEEP

    98304:Pvqlou/EtfzJS+1S6+T9aLcNvvj5Pudln7QktFJLRyC2hVW13:w/Q7I+T8aLcNvvjQn7QkjFkDVW

  Score

  10^/10

  matrixdiscoveryevasionpersistenceransomwarespywarestealerupx

  • Matrix Ransomware

    Targeted ransomware with information collection and encryption functionality.

    ransomwarematrix

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Drops file in Drivers directory

  • Sets service image path in registry

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry

    ransomware
  behavioral5

• • Target

    3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567

  • Size

    3.1MB

  • MD5

    3e24d064025ec20d6a8e8bae1d19ecdb

  • SHA1

    aaf26fd22d5cab24dda2923b7ba6b131772b3a68

  • SHA256

    3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567

  • SHA512

    02eeddcb6d33dada9214503ab460d409ba429dfb00c756722188e2b7b9a65dd054a0bdacf45613ef3d6aa9524f256da155e33daf94eade384dc94f7716724896

  • SSDEEP

    49152:yAqPm6R8fkBn5GSOsnvjXo2KzB931XYPy:0O6R8fklXo2KzBHX

  Score

  1^/10
  behavioral6

• • Target

    42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046

  • Size

    1.2MB

  • MD5

    85f7df557b52cfb4850dbdd5040417f6

  • SHA1

    4773ecc3311a02f7a9851ef8721c2ab6e903ea78

  • SHA256

    42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046

  • SHA512

    ff2dc51db02259df61c70985140ae8f65690fc910ecc6161f65f71208a0ee0bacc7bd6df5dbc7802fa4cb4ce03968f52e3bf949c21b24a0fc543c6e473d686f1

  • SSDEEP

    24576:f6FBigwov3pjeA+07ASgSl+YYxJuWMvV36/K+VLebSKLvBTyPj+dyqGYV0b1:YBiI3w3eqi+mfJujkyqGY2x

  Score

  9^/10

  evasionransomwarespywarestealer

  • Renames multiple (734) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops file in Drivers directory

  • Manipulates Digital Signatures

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral7

• • Target

    4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2

  • Size

    4.7MB

  • MD5

    e86893b92eca6e8dfbcfb9bbc08ee973

  • SHA1

    acaf1392ea344a074cd4dd47faa6a7e1530747f3

  • SHA256

    4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2

  • SHA512

    24f258fb7f088b9c139ef83dd90c63248eee3e85b871841406765386dad20e48d2b8cdd19a0e165e10ff5eeb4494bafd3c84989f3f73112c1273399f7b23f635

  • SSDEEP

    98304:0s7ZE5JsxXe8NpqBjkZxHJMAM0hsEfIOC34SSPl0V1Eo7N3grvl0iqN+XW0FUlK0:0srXe8NEMMAZhsXOCYe3P7NuI4WHlK8

  Score

  10^/10

  dharmapersistenceransomwarespywarestealervmprotect

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (339) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral8

• • Target

    5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7

  • Size

    4.8MB

  • MD5

    5a3c5576c359ce4f40b3274209db2e76

  • SHA1

    8d38f1c0953013d623bea6d6f6f47d5a0c7027f9

  • SHA256

    5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7

  • SHA512

    a9780e15702531d22a7088bb1de49c083499244819732f07c7a1c22bea00aa3592231766adae42ea8f980896a659a46a51a58e4e366a35e327f9d788ff88e5eb

  • SSDEEP

    49152:Dc2Ee3ScTnrb/T5vO90dL3BmAFd4A64nsfJG0CJZGSUeU/o/ZsPfNW7Ew5EzUgr0:73l8ZSUOyaEUVHB72INLu6SZJZ

  Score

  10^/10

  evasionransomwarespywarestealer

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Stops running service(s)

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral9

• • Target

    627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3

  • Size

    31.9MB

  • MD5

    446fb9d942879e16c30b4cdd4cfca25f

  • SHA1

    15db57519b54475ca7961a558806c6c49df85d5a

  • SHA256

    627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3

  • SHA512

    14ec30f91f678fe0ae4b3d681389f4f5a5a01ea2b0cfaf7835025206bde8589f78e3a3a1308089c3331d650ee539ed9dbe723ca7edc72cb3b1996ef7b1d0ad6f

  • SSDEEP

    786432:k+yF8WWxUdUd1LRphkc3FphBWGlso5EYW8GUCUEDDu4Kucccd8:WF8WWxUUddRzFphBZd5E7UCpDfm

  Score

  7^/10

  • Loads dropped DLL

  behavioral10

• • Target

    63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f

  • Size

    7.2MB

  • MD5

    14d4bc13a12f8243383756de92529d6d

  • SHA1

    54b8fc5de74856d90cad60da8cc41b98940e6a15

  • SHA256

    63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f

  • SHA512

    bbf499f3c3c20d5fe4310995edff3955365398923e6131cb318ee3cd762e034cd798e826bae00a680053846ef2a50c5f153bdb4d2d8cbc93688b9f8a8cf5b55a

  • SSDEEP

    98304:1VRCs/IYJ5dqZqbKW9oNV8xOerpA8sNqdKe+GCsJ+JjhLeA6dw3:1Vt/TqcbKLpea8s3XsJ+Jjd

  Score

  1^/10
  behavioral11

• • Target

    645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279

  • Size

    2.4MB

  • MD5

    38529ecca6f8857442331c40e1bd5f9d

  • SHA1

    37fe11751277dd8cc889e0c05d7fde88b98aa67c

  • SHA256

    645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279

  • SHA512

    a837e6f5452c939f7a7dcf16613fab486bb584c20aeb3121748d1dae731c4161a19ea2f9863bf621dc8c61101860b3ebfb3c4a780c8f1c07bd1ad59c90540d4a

  • SSDEEP

    49152:hxFNFf4ZjhxNdNGa5YLuOARYNdNXc0xI5mmswos1:hxF7Q3xDAa5qARYDS0xIg

  Score

  1^/10
  behavioral12

• • Target

    64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b

  • Size

    1.7MB

  • MD5

    2b34badcdfb0921ee43548475c0ec5bb

  • SHA1

    2cfe28584ae7649e3fe0ae150bfe49f7eabc6cf9

  • SHA256

    64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b

  • SHA512

    c31ac862ac9211821332aa8fd03110ca3ef89304fead4a900d2190c4a3950d2d6e5704b06ab3edf2ea6c6d3b9c225e5220e62496dc42948ec6125618924f880c

  • SSDEEP

    24576:++H1KCVkwjVSjdao2bwzUaSze1AeHm/gcgX+7waf7gm7yZADfBFdOgSeiseIK1S3:399byqze1I3o+rH+MFdOsZvShn9T

  Score

  10^/10

  evasionpersistenceransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Disables Task Manager via registry modification

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral13

• • Target

    741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e

  • Size

    2.4MB

  • MD5

    675716e76d329c21fd1c8584c4bbf4e0

  • SHA1

    3f31361a356346980a458f72639b167f8557d997

  • SHA256

    741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e

  • SHA512

    33990b75e05409956567e2c417c4af3cefed346d18b1c990651ba9ae55f4c41e448f48e708ebb3f0a47dd2f95a648d99fa49b1f53bd68275754a98662451b75e

  • SSDEEP

    49152:T1qnoAYJ+dAyibulZllnhELJPA2GINhptUhwRVmif4lqKw1UWHgCw8SbdkYMy:pMoAYJlyi8WBAypSQVf4l21xw80ke

  Score

  10^/10

  xoristevasionpersistenceransomwarespywarestealerthemidatrojan

  • Detected Xorist Ransomware

  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

    ransomwarexorist

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Renames multiple (2154) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  behavioral14

• • Target

    7554a27519a2c960152cbe49ecef3948cf7bad12fa21cda62c8c236bbddb502d

  • Size

    2.0MB

  • MD5

    7d3d04681922c50a4d7e716ebc2fd3a6

  • SHA1

    8cdf195cf57a871e13fd67a9a9ac6dd836b9e958

  • SHA256

    7554a27519a2c960152cbe49ecef3948cf7bad12fa21cda62c8c236bbddb502d

  • SHA512

    65846e9852a967cca13de0e62f2d6c4489c84bd0e4857d68dbcef48dc4db7326e8fd8252bfb6bdf9fd780ad6059ff559bfb6df69e741a75a22ad14da6bc0c803

  • SSDEEP

    24576:XN+lSpYnaceEGmmgqPpcfiBKs7qN9zg5MFkXgMkBH1n1yr6hw1R0D+UlVkG0lC99:XsaQe9DhyVu4wZkTn1yp0D5sS1HpV9F

  Score

  7^/10

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral15

• • Target

    80bf2731a81c113432f061b397d70cac72d907c39102513abe0f2bae079373e4

  • Size

    4.0MB

  • MD5

    d59aa49740acb5e45ecb65da070035e3

  • SHA1

    4086107b3fb71fb02361306da6099a85be97ae1d

  • SHA256

    80bf2731a81c113432f061b397d70cac72d907c39102513abe0f2bae079373e4

  • SHA512

    459805b020b78399fae8ac5e8ed439df1b8852519014029833794d2eaad1b1f2aecc3aaba99ae52a0881cf57987d4a60298acce04a9fa9299e9d21a832a335a5

  • SSDEEP

    98304:4gwRDvguPP+oGPn58kcuf2ilfio/roYs30f2hi:4govYoGPn5/ui8hi

  Score

  10^/10

  mimicevasionpersistenceransomwarespywarestealertrojan

  • Detects Mimic ransomware

  • Mimic

    Ransomware family was first exploited in the wild in 2022.

    ransomwaremimic

  • Modifies security service

    evasion

  • UAC bypass

    evasiontrojan

  • Clears Windows event logs

    evasionransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (6574) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes System State backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Sets file execution options in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral16

• • Target

    8cc9f83e2ec4d36e50ec8407932ff3b8a7ad188a0cb95dad78028cce7921e492

  • Size

    23.2MB

  • MD5

    a3e60b4c3bbc4f5d00a21a22c8992716

  • SHA1

    3aef215dedad59012597b4828b7e4ed1d41ad742

  • SHA256

    8cc9f83e2ec4d36e50ec8407932ff3b8a7ad188a0cb95dad78028cce7921e492

  • SHA512

    87acf16c9240caa1f48a4e4d377eb642474f19df656d9c53526358f0862c1d8f83fb32050a5918f669ead105296d9858f2120347e11bfd666fbe6f5ee4d5967c

  • SSDEEP

    393216:MKfBJaxuIzEhbP7xl9GMToeL7QXy5SkmXZQjlf5alYftktB6FYNX9Mh9PVoXNRLI:MKZJaxl8bPDjLU7RXK6lYfCvyh5CYa0r

  Score

  7^/10

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral17

• • Target

    9c80067790a910e99831e1c546fd569fb273cb34db2710fe99281d1c53475795

  • Size

    1.3MB

  • MD5

    22a975eb038011095e8b9ff9a3078ffa

  • SHA1

    f2762fb4a819dad55daf7ae3f9e96753f04df94c

  • SHA256

    9c80067790a910e99831e1c546fd569fb273cb34db2710fe99281d1c53475795

  • SHA512

    6cecf00b511ac39acf1b5920996b920787e13c6fbc9cc3fe46526c044f0d6813da55ee88205b8138033b55915ae6fd31c1149bef07b3116cb2459de017334a52

  • SSDEEP

    24576:qI0Clbs7Kjsbs0pwKR1aQ9qVLUOHkXzWsfI9mO35s8RI93VZ4+nnI6i207pCS1Rp:oClbs7Kjsbs0pdR199qVLUOHkDWsfimT

  Score

  9^/10

  evasionransomwarespywarestealer

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral18

• • Target

    de1793d8db7f58f0ef53bee7fb0942ef4c6c348e4a547b6cfeb74ffa8de56cdf

  • Size

    9.8MB

  • MD5

    d07e516fdc1272e4e942e34a87f80e62

  • SHA1

    22505c7dd91d27defe4ca7e6d6dfcb5aa46a0ea6

  • SHA256

    de1793d8db7f58f0ef53bee7fb0942ef4c6c348e4a547b6cfeb74ffa8de56cdf

  • SHA512

    fcb35f419bd089d2e4002e3dbd57082612dda8fb6d9b782bcede5a29ee63f1bd94f83e8b757dd89bc5c2930b9a3ad7fccf648bb3b83c43a4203e087e76bdc53d

  • SSDEEP

    196608:L7uz6d21DDBeEEPpFYwUL4wi1c9en8Odqsem32RrpcNFmRMA67raxE:L7u+mwEEoRLmZnqs63/SuE

  Score

  3^/10
  behavioral19

• • Target

    de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e

  • Size

    5.2MB

  • MD5

    8bd7cd1eee4594ad4886ac3f1a05273b

  • SHA1

    ad046bfa111a493619ca404909ef82cb0107f012

  • SHA256

    de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e

  • SHA512

    62e0946dce24a8bd5c98470edd8665acf2a99eb4016936e937cec806b12ff7be1bef323e5f44225046a8a6b676873ce00c35a7a2f52b864d2709fd16a273c9af

  • SSDEEP

    98304:YqFOH+gETpGHN/MC8gehPP8E4dJHDCkjpqLaINhm4PlVVEzY:YqtgEMkrVPiDCQUphmulnr

  Score

  1^/10
  behavioral20

• • Target

    dfef52ffdea9d5129cd6bf0b3df2997db40091a4bdb7f356f48feec5ac5ebcfe

  • Size

    8.6MB

  • MD5

    ef593e4713e733dbe75277f79f76ba01

  • SHA1

    6ae75342e56ba64f5b8d4a86cd14beeb1b2ed1fd

  • SHA256

    dfef52ffdea9d5129cd6bf0b3df2997db40091a4bdb7f356f48feec5ac5ebcfe

  • SHA512

    566b2f292498c9cb0ba4f99a3ac658df8f31c7e5e79bc4773027461cdf77bb96922cd461223b47bc5a8d45b6408cd358a5b4135b48093ce75d6abed60c72aeb3

  • SSDEEP

    196608:cVB3kHo8Nb2ga7OFQOurL3Vz8uZMb3ObpSzZTfurSu:mmIO2iQhlzBZMb3dzZfsS

  Score

  7^/10

  • Loads dropped DLL

  behavioral21

• • Target

    f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f

  • Size

    3.9MB

  • MD5

    e935daaad632a9539fcddcb2839a4413

  • SHA1

    96f7794f17ce6d4f4bd34242b86035728612cd6d

  • SHA256

    f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f

  • SHA512

    515fe24aa8203c83e58ba59621bc057da2b6f9f5529dd18fc11b5f3001503d10d06ec58d654f1446707113581c4d51d39e4144f47a7ab1a80fe609c89d8bf9c8

  • SSDEEP

    49152:QqfUqBfTafqaa5Xa+Xyqr5LFZBUM2/x102UlJnI7mRkyMDiNZri3r8SZ:QqfHr+qF/C0rBN2Z/yMDiXgr

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (7816) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral22

• • Target

    f682e063bc2c822fbe3083507b0717b1f8bc244149ed9acd9a78566f5a79a140

  • Size

    4.5MB

  • MD5

    6dab3197c3332edd2b1d6eb9a362b407

  • SHA1

    007aed90515d81779eae9b7a4b5676f158fc8d49

  • SHA256

    f682e063bc2c822fbe3083507b0717b1f8bc244149ed9acd9a78566f5a79a140

  • SHA512

    cc47a75c1189222dc1334c6773acfa2ee561f2df1a63553374e9997696b1fdf02ce3a6389e4690db6b9b0ec3ae73663f5aa1007e63ef91df43371e77a65b1157

  • SSDEEP

    49152:p3Uc3/rb/TzvO90dL3BmAFd4A64nsfJ1e76Gn3oJymCTCCC5EigrabyP2NgIbgzI:F30MAJJ/Eg2uNT6nNbOC0DCZFOs

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (7879) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral23

• • Target

    f7537bf47cc039b9cda59c844faa90a75ba80f08148166fd83ff10a0bf55120b

  • Size

    4.5MB

  • MD5

    34ca54d0a320c9562508906a1cd5b3f7

  • SHA1

    9bb0676124632562a65d3b09ca2cd884eb2a0123

  • SHA256

    f7537bf47cc039b9cda59c844faa90a75ba80f08148166fd83ff10a0bf55120b

  • SHA512

    9bf7c8a028d2cf55227c9967165b783ffe90aa8ae233fafe886197011322370121c43ecc33d411d426e502abd703e598fd89c85659f69de53d934d442a901044

  • SSDEEP

    49152:9Yd/3Orb/TzvO90dL3BmAFd4A64nsfJiIdNqqsSn0uYTDCG5EWwgrabyP2NgIYdt:I3UobnTeEh2uN96nubOC0DCZFOs

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (7896) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral24

• • Target

    f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f

  • Size

    4.8MB

  • MD5

    80c4eabe7ca7200a3735cafe4246e43b

  • SHA1

    f19ea1ca4c8e0ac88c25d5d433dca3413d17d2f9

  • SHA256

    f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f

  • SHA512

    d6db156fdf7b762295d03f8deb568e584c3d92952156142276f68d05e1a4c3bdaf541b2709ddd9630c6aee249e81d0537ad4e1fcc05f1170c2100cef83a3e11b

  • SSDEEP

    49152:c5Yvom3XQQNrb/T5vO90dL3BmAFd4A64nsfJXL42r+S++UwP5VfvqmEw5EwHgrYD:F3ve2S+YBEqVHBCEhLRSm

  Score

  10^/10

  evasionransomwarespywarestealer

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Stops running service(s)

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral25