26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d | Triage

Resubmissions

11-05-2024 09:02

240511-kzzatadb68 10

11-05-2024 09:00

240511-kyawtsac91 3

Sharing

General

Target

Optimizer.exe
Size

2.4MB
Sample

240511-kzzatadb68
MD5

cc4ed359031db8b3816f280a0cbda217
SHA1

537f393978f91eef2ac22ce82ee1b2f9c6dd2d72
SHA256

26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d
SHA512

e443b5cb8b86a919a800825204624b651b5196e043d83529014625d7e161a6f7a6083857d2415eaa6293cf312389fbf39ea9a338307e8270dcc4812136e84077
SSDEEP

24576:S2mofuHtzyxlMOlJv8EC8KJWGlF+Bjk38WuBcAbwoA/BkjSHXP36RMG:S2msuHtzyxl+EC8KoVCSA/Bkj0

Score

10^/10

defense_evasion discovery evasion execution impact persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  Optimizer.exe
- Size
  
  2.4MB
- MD5
  
  cc4ed359031db8b3816f280a0cbda217
- SHA1
  
  537f393978f91eef2ac22ce82ee1b2f9c6dd2d72
- SHA256
  
  26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d
- SHA512
  
  e443b5cb8b86a919a800825204624b651b5196e043d83529014625d7e161a6f7a6083857d2415eaa6293cf312389fbf39ea9a338307e8270dcc4812136e84077
- SSDEEP
  
  24576:S2mofuHtzyxlMOlJv8EC8KJWGlF+Bjk38WuBcAbwoA/BkjSHXP36RMG:S2msuHtzyxl+EC8KoVCSA/Bkj0
Score

10^/10

defense_evasion discovery evasion execution impact persistence ransomware spyware stealer
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Windows Management Instrumentation

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Indicator Removal

File Deletion

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryevasionexecutionimpactpersistenceransomwarespywarestealer