4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669 | Triage

Resubmissions

05/07/2024, 05:52

240705-gkvgjatdml 9

03/07/2024, 22:17

240703-17dxvaydkj 9

03/07/2024, 22:02

240703-1xw1nsyakp 9

Sharing

Copy URL Twitter E-mail

General

Target

Locker.exe
Size

1.4MB
Sample

240705-gkvgjatdml
MD5

d919e343301c46db373a0694d25a0feb
SHA1

ae92b5a4e618747b2d84cf39e826efb9fbaffefc
SHA256

4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669
SHA512

fdd273b3bbfcc7bad1b9ff3dc3b04e8fc7f45d502143bde795fce4c20d0fc78feac364c852d2e5a795e7f25320a19abc2f4575624e20c124e367c1cadde8a6a8
SSDEEP

24576:8lwasdNc5lRNAY6gaAkWCnjrWBGfAklJkR3KvRQT90z:5UAY6gaAkWCnjr4GfAklJk7T90

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  Locker.exe
- Size
  
  1.4MB
- MD5
  
  d919e343301c46db373a0694d25a0feb
- SHA1
  
  ae92b5a4e618747b2d84cf39e826efb9fbaffefc
- SHA256
  
  4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669
- SHA512
  
  fdd273b3bbfcc7bad1b9ff3dc3b04e8fc7f45d502143bde795fce4c20d0fc78feac364c852d2e5a795e7f25320a19abc2f4575624e20c124e367c1cadde8a6a8
- SSDEEP
  
  24576:8lwasdNc5lRNAY6gaAkWCnjrWBGfAklJkR3KvRQT90z:5UAY6gaAkWCnjr4GfAklJk7T90
Score

9^/10

ransomware spyware stealer
- Renames multiple (8561) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer