fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786 | Triage

Resubmissions

02-06-2024 15:28

240602-swressff3w 3

30-05-2024 09:46

240530-lr3tpsdd8w 3

29-05-2024 07:49

240529-jnvmtagc82 6

17-05-2024 11:00

240517-m38d1aef41 10

17-05-2024 10:58

240517-m28ndafa27 7

15-05-2024 08:31

240515-ke8zhshc58 8

15-05-2024 07:41

240515-jjaf3sff58 7

15-05-2024 06:12

240515-gyf63acd9x 10

Sharing

General

Target

b28242123ed2cf6000f0aa036844bd29
Size

87KB
Sample

240515-gyf63acd9x
MD5

b28242123ed2cf6000f0aa036844bd29
SHA1

915f41a6c59ed743803ea0ddde08927ffd623586
SHA256

fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
SHA512

08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
SSDEEP

1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  b28242123ed2cf6000f0aa036844bd29
- Size
  
  87KB
- MD5
  
  b28242123ed2cf6000f0aa036844bd29
- SHA1
  
  915f41a6c59ed743803ea0ddde08927ffd623586
- SHA256
  
  fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
- SHA512
  
  08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
- SSDEEP
  
  1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Renames multiple (90) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan