be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937 | Triage

Sharing

General

Target

be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937
Size

1.3MB
Sample

240710-eshrlawcmj
MD5

9fe1882c032b5e51c335c50b4b37902f
SHA1

5fc01266eb91b6b095c4e9e61211329916ad7ab0
SHA256

be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937
SHA512

a779390053a8db71503c15a95cb320f64b432971796f9d63db110997573362f0478039f3768be1c554bc9538f498d19558057bddc3d301f3bba6ec77f6b40fca
SSDEEP

24576:3Z+05tErv2XwKvHoBHErvOmnD4TxJeUrtONbcDvX+ZRDSq9yG0+GYCwdD5sguoax:3Z+05RvyiUTxwuoNbxzyG0QCKD5daDEy

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937
- Size
  
  1.3MB
- MD5
  
  9fe1882c032b5e51c335c50b4b37902f
- SHA1
  
  5fc01266eb91b6b095c4e9e61211329916ad7ab0
- SHA256
  
  be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937
- SHA512
  
  a779390053a8db71503c15a95cb320f64b432971796f9d63db110997573362f0478039f3768be1c554bc9538f498d19558057bddc3d301f3bba6ec77f6b40fca
- SSDEEP
  
  24576:3Z+05tErv2XwKvHoBHErvOmnD4TxJeUrtONbcDvX+ZRDSq9yG0+GYCwdD5sguoax:3Z+05RvyiUTxwuoNbxzyG0QCKD5daDEy
Score

9^/10

persistence ransomware spyware stealer
- Renames multiple (216) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceransomwarespywarestealer