General

  • Target

    ransome.exe

  • Size

    13.9MB

  • Sample

    250120-k9v15ssmep

  • MD5

    14dbaf924807f7240bbc8297672a8689

  • SHA1

    a8f44e0d6a08b5d1484cfae7fe0a0055e958cf93

  • SHA256

    92f4f029c4f97905f9db69f0ef29a664bb3c3504c5cbbcc9f8aff517af7a7eb3

  • SHA512

    097a7d5852dc030fd3f9f97310886e9ce1a5e0c4944b97b6777645a230579e99c2748660f489a27c2a1510135df4be65f96e177364d67af5c3785897356a22b6

  • SSDEEP

    393216:5ceW8Owq3Obs2CltXMCHWUjWfGwB9IetTPT4:5ceW8Owq3ObRqtXMb8WfZ4et3

Targets

    • Target

      ransome.exe

    • Renames multiple (3031) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them with a new extension.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)
