5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c | Triage

Submit
Reports

Overview

overview

7

Static

static

3

5deef62742...0c.exe

windows7-x64

7

5deef62742...0c.exe

windows10-2004-x64

7

Sharing

General

Target

5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c.exe
Size

19.9MB
Sample

240419-qgfnmsec51
MD5

3f3772337a3b73822f085dbb0cd01900
SHA1

7f1bfc5f2d474c4156311d1ba45b2e210af9379b
SHA256

5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c
SHA512

d3d90adbbaae1e259fb994caeb73e61918473587bb25e0b2710293fa84c30127ae07a391337fea11e3e1443724598460abc263b6cfa6c7b844a9ad8e2dda5aec
SSDEEP

393216:cFU/V+K4eN01QnnYBeFsfgTDfDg5yc6me2DW8Y3+d9E4176:cmVaeC1QtsfgTb05NLW8YOd9EA+

Score

7^/10

pyinstaller ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c.exe
- Size
  
  19.9MB
- MD5
  
  3f3772337a3b73822f085dbb0cd01900
- SHA1
  
  7f1bfc5f2d474c4156311d1ba45b2e210af9379b
- SHA256
  
  5deef62742a512f4b374349242938078be3f5158e37973cf731d8423c5c48f0c
- SHA512
  
  d3d90adbbaae1e259fb994caeb73e61918473587bb25e0b2710293fa84c30127ae07a391337fea11e3e1443724598460abc263b6cfa6c7b844a9ad8e2dda5aec
- SSDEEP
  
  393216:cFU/V+K4eN01QnnYBeFsfgTDfDg5yc6me2DW8Y3+d9E4176:cmVaeC1QtsfgTb05NLW8YOd9EA+
Score

7^/10

ransomware
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy