Overview

overview

9

Static

static

3

2024090641...na.exe

windows10-2004-x64

9

Resubmissions

01/10/2024, 09:01

241001-kyvw1a1dmm 10

09/09/2024, 23:19

240909-3awshavgqk 9

06/09/2024, 05:45

240906-gfs3xayhqp 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024090641fd143e8a7cd4d3c98a20e8380a6cfddatpertrigona

  • Size

    1.1MB

  • Sample

    240909-3awshavgqk

  • MD5

    41fd143e8a7cd4d3c98a20e8380a6cfd

  • SHA1

    b8c85fa5a81b3d70a21835fbea394e0611461bf8

  • SHA256

    b0dfaf509de38749c49afcb3cd34d27126044bb77cc16896b02ebced6f95db02

  • SHA512

    521dadc80bd429ab99d4a1e4a2b3f41329cba8b8b1708c35c20361f5e925496ec1509af449142f0fda2fc3cf53f806509dee98ae2096ec2cc1bd27e62047c05d

  • SSDEEP

    24576:l/R+w8jaP9HncW1/CQ/FO4iOu5AxZkQULiHErN7+uUcLw:l/D19aNXiqYvv

Score
9/10
credential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

Malware Config

Targets

    • Target

      2024090641fd143e8a7cd4d3c98a20e8380a6cfddatpertrigona

    • Size

      1.1MB

    • MD5

      41fd143e8a7cd4d3c98a20e8380a6cfd

    • SHA1

      b8c85fa5a81b3d70a21835fbea394e0611461bf8

    • SHA256

      b0dfaf509de38749c49afcb3cd34d27126044bb77cc16896b02ebced6f95db02

    • SHA512

      521dadc80bd429ab99d4a1e4a2b3f41329cba8b8b1708c35c20361f5e925496ec1509af449142f0fda2fc3cf53f806509dee98ae2096ec2cc1bd27e62047c05d

    • SSDEEP

      24576:l/R+w8jaP9HncW1/CQ/FO4iOu5AxZkQULiHErN7+uUcLw:l/D19aNXiqYvv

    Score
    9/10
    credential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks