Overview

overview

10

Static

static

10

c9f71fc4f3...8a.exe

windows7-x64

1

c9f71fc4f3...8a.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a

  • Size

    7.7MB

  • Sample

    241201-ssramayraj

  • MD5

    c30a14b595fa334084cd32fa60b3c827

  • SHA1

    3cd04b60b329388059cf58ce3ee6996559123cfa

  • SHA256

    c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a

  • SHA512

    7e244b3d45874d4cbecf53c6c404cd5681879a776b4a5710327c88d7888b61bdfafd17d462244b9ae8235955d8df148da72215ea61514c01585e4d0132ece9a8

  • SSDEEP

    98304:YLraiumim2uZeGEWyOdLQvu6zer0NGBJMV1ZAU6tSOsN:2Imim2uZ8pvW6fAJMVd6M/N

Score
10/10
ghostlockerdiscoveryransomwarespywarestealer

Malware Config

Extracted

Family

ghostlocker

C2

http://41.216.183.31/addInfection

Targets

    • Target

      c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a

    • Size

      7.7MB

    • MD5

      c30a14b595fa334084cd32fa60b3c827

    • SHA1

      3cd04b60b329388059cf58ce3ee6996559123cfa

    • SHA256

      c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a

    • SHA512

      7e244b3d45874d4cbecf53c6c404cd5681879a776b4a5710327c88d7888b61bdfafd17d462244b9ae8235955d8df148da72215ea61514c01585e4d0132ece9a8

    • SSDEEP

      98304:YLraiumim2uZeGEWyOdLQvu6zer0NGBJMV1ZAU6tSOsN:2Imim2uZ8pvW6fAJMVd6M/N

    Score
    9/10
    discoveryransomwarespywarestealer

    • Renames multiple (1574) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks