General

  • Target

    2024-04-27_9e3dd480c9105c1ebda18e651e9b7764_hiddentear

  • Size

    207KB

  • Sample

    240427-ye2r4afd7z

  • MD5

    9e3dd480c9105c1ebda18e651e9b7764

  • SHA1

    fb6a429849b0e38a9e9bebed0c8356e02501be2b

  • SHA256

    f2b8af0563461f373ad5ed075b26791b775c442ed8dd9e39b6a006473554a928

  • SHA512

    7419b8f54f60d3000cea81204de7899b5468d77c5d38bf2d593c8f08eff514509aed27c65f4c9c55452469e287475a880de51aefa23daaac120ed36c0397a504

  • SSDEEP

    3072:HUpM+lmsolAIrRuw+mqv9j1MWLQvMTmmsolNIrRuw+mqv9j1MWLQA:HV+lDAAJTmDAN

Targets

    • Target

      2024-04-27_9e3dd480c9105c1ebda18e651e9b7764_hiddentear

    • Renames multiple (100) files with added filename extension

      The sample renamed 100 files by appending an extension to each original name. That is the pattern left when ransomware encrypts files in place and tags the output, so the sandbox treats it as an indicator of file encryption across the system.

    • Checks computer location settings

      Reads the country code configured in the registry (the machine's locale). Ransomware commonly does this to geofence, that is, to skip encryption on systems in excluded countries, so the lookup is a likely geofence check rather than ordinary locale handling.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and history. Caveat for this sample: the same signature also fires when an encryption loop walks the user profile and opens browser files in passing, so on its own it does not prove credential theft; confirm with the file access and network activity in the full report.
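The rename signature above is a threshold heuristic: one process appending the same extension to many files in a short window. The following is an added example, not code from the sandbox or from the sample, showing how that heuristic can be run over rename telemetry. The RenameEvent records, the paths, the PIDs and the ".locked" extension are all constructed for the example; the page does not state which extension this sample appends.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename record as an EDR or sandbox would emit it (constructed shape)."""
    ts: float        # seconds, sandbox-relative
    pid: int
    old_path: str
    new_path: str


def appended_suffix(old_path: str, new_path: str):
    """Return the extension appended by a rename such as a.pdf -> a.pdf.locked.

    Returns None for ordinary renames (draft.docx -> final.docx) and for renames
    that replace rather than append an extension.
    """
    if (new_path.startswith(old_path)
            and len(new_path) > len(old_path) + 1
            and new_path[len(old_path)] == "."):
        return new_path[len(old_path):]
    return None


def detect_mass_rename(events, threshold: int = 100, window_s: float = 60.0):
    """Flag (pid, suffix) pairs that append the same suffix to at least
    `threshold` files inside any sliding window of `window_s` seconds.

    Returns {(pid, suffix): peak_count_in_window} for every pair over threshold.
    """
    stamps_by_key = defaultdict(list)
    for ev in events:
        suffix = appended_suffix(ev.old_path, ev.new_path)
        if suffix is not None:
            stamps_by_key[(ev.pid, suffix)].append(ev.ts)

    hits = {}
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        start = 0
        peak = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans at most window_s.
            while stamps[end] - stamps[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[key] = peak
    return hits


def build_sample_events():
    """Constructed telemetry: a few benign renames plus one process tagging 100 files."""
    events = [
        # Benign: a user renaming a document and keeping a backup copy.
        RenameEvent(0.0, 1200, r"C:\Users\u\Documents\draft.docx",
                    r"C:\Users\u\Documents\final.docx"),
        RenameEvent(1.0, 1200, r"C:\Users\u\Documents\notes.txt",
                    r"C:\Users\u\Documents\notes.txt.bak"),
    ]
    # Suspicious: pid 4321 appends the hypothetical ".locked" to 100 files in 5 seconds.
    for i in range(100):
        path = rf"C:\Users\u\Documents\file{i:03d}.pdf"
        events.append(RenameEvent(10.0 + i * 0.05, 4321, path, path + ".locked"))
    return events


if __name__ == "__main__":
    for (pid, suffix), count in detect_mass_rename(build_sample_events()).items():
        print(f"pid {pid} appended {suffix} to {count} files within the window")
```

Keying on the process as well as the suffix keeps a backup tool or a user renaming a handful of files below threshold, and the sliding window is what separates a burst from the same count spread over a day. Tune `threshold` and `window_s` to the telemetry source; the 100-file figure mirrors the count the sandbox reported here.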

MITRE ATT&CK Enterprise v15
