Resubmissions

  • 13-08-2024 12:55   240813-p5s37svarb   9
  • 03-08-2024 05:56   240803-gng1lsvfnn   9
  • 29-07-2024 17:59   240729-wkpzdawhlc   9
  • 29-07-2024 13:14   240729-qg3heazdpj   9

General

  • Target: 18408476645.zip
  • Size: 91KB
  • Sample: 240813-p5s37svarb
  • MD5: e488d51793fec752a64b0834defb9d1d
  • SHA1: 3941750c3a1565c766f26d9f480df70545652f50
  • SHA256: 2c9f4b12528c5fe7f63dfd2726b7a4e2ad8d20040c4fa3c4c024cc88b5e84e06
  • SHA512: 5d544bbba25a4abdd639e07d7a69f7e4b77b8300cb25145fb8abd5bb50588dd20537477744ee8b14d44e90144247e945114cf3bd16b425fbc00d6a84940f1ac2
  • SSDEEP: 1536:4XTtCo2CDTGTy24UqVTBfLzYsmzl5SMaQMk8reCyKo8z5ke7+9U:4XGh8BfvYXu3qfK+e69U

Malware Config

Targets

  • Target: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
  • Size: 162KB
  • MD5: 7e851829ee37bc0cf65a268d1d1baa7a
  • SHA1: 672553c79db2a3859a8ea216804d4ff8d2ded538
  • SHA256: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
  • SHA512: 856c6d27669b3123064d85adbc119414f5418f80bbbc9f85f4575df97cf34d1f4ab96fab5442a337ac6a90c076ba5af835f5286cb403acfb3a1e4fc5d0834ebd
  • SSDEEP: 3072:rjvNTtA6pzarOLgSua/iw6kzg3qe1PTjrnFFMVUT6tSTC6D1vtPR1DO66ddJpW3h:r72qe1PTjrnf/KMR1j6df01fiuAP3xFm

  • Renames multiple (382) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • Credentials from Password Stores: Windows Credential Manager
    Suspicious access to Credentials History.
  • Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  • Drops file in System32 directory
  • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
      Modify Registry (1)  T1112
  • Credential Access
      Credentials from Password Stores (1)  T1555
      Windows Credential Manager (1)  T1555.004
  • Discovery
      Query Registry (3)  T1012
      Peripheral Device Discovery (1)  T1120
      System Information Discovery (4)  T1082
      System Location Discovery (1)  T1614
      System Language Discovery (1)  T1614.001
  • Impact
      Defacement (1)  T1491

Tasks