General

Target: daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93.exe
Size: 426KB
Sample: 250526-hpdv1swqt6
MD5: e07b67ebfd8b9628237a9cc955a136fd
SHA1: c623d17c0bbd9fb753328c8d38068ab57f9b9758
SHA256: daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93
SHA512: a3061c67c6ce4d982a4de514c891e3eb1ebe5a5bd471292407921e86f3336f8a7e1e3d2beae353c468b399a5d5b22e5615d1b5c78db19863bb7f410d61d11afc
SSDEEP: 6144:tfjw8p8tUwrLrLrLEWXHQtLWd5oNVFq//6751bLV50DEr0Ng/ydlb4fQ6wFMvbZ:pPWQgeVFN8DZNg6dNoQl+v

Static task: static1
Behavioral task: behavioral1 (sample: daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93.exe; resource: win10v2004-20250502-en)
Malware Config (extracted)

Ransom note path: F:\DECRYPT-FILES.html
Contact address: [email protected] (address redacted in the page extraction)
Targets

Target: daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93.exe (426KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Maze family
- Deletes shadow copies: ransomware commonly deletes Volume Shadow Copies (Windows' local point-in-time backups) so the encrypted files cannot be restored from the host itself.
- Credentials from Password Stores: Windows Credential Manager (suspicious access to Credentials History)
- Drops startup file
- Sets desktop wallpaper using registry
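Three of the behaviours flagged above (shadow-copy deletion, a file dropped into a Startup folder, and the wallpaper changed through the registry) leave traces in ordinary host telemetry. The following is an added example, not part of the sandbox report: detection rules for those three signatures run over constructed Sysmon-style events (EventID 1 process create, 11 file create, 13 registry value set). The field names, the paths, the SID and the command lines are assumptions made for the example, not observations from this sample's run.

```python
"""Map the sandbox signatures above onto host telemetry.

Added example, not part of the sandbox report. The records below are
constructed Sysmon-style events; field names and sample paths are
assumptions, not observations from this sample's run.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int           # 1 = process create, 11 = file create, 13 = registry value set
    image: str              # full path of the process that generated the event
    command_line: str = ""  # populated for EventID 1 only
    target: str = ""        # file path (EventID 11) or registry value path (EventID 13)


# "Deletes shadow copies": the usual command lines for destroying VSS snapshots.
SHADOW_COPY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),   # PowerShell/WMI variant
]
# "Drops startup file": anything written under a Startup folder runs at logon.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# "Sets desktop wallpaper using registry": the per-user wallpaper value.
WALLPAPER_VALUE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)
# Binaries that legitimately change the wallpaper; anything else is suspicious.
WALLPAPER_ALLOWLIST = {"explorer.exe", "systemsettings.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule_name, event) pairs for every event matching a signature."""
    findings = []
    for ev in events:
        if ev.event_id == 1 and any(p.search(ev.command_line) for p in SHADOW_COPY_PATTERNS):
            findings.append(("deletes_shadow_copies", ev))
        elif ev.event_id == 11 and STARTUP_DIR.search(ev.target):
            findings.append(("drops_startup_file", ev))
        elif (ev.event_id == 13 and WALLPAPER_VALUE.search(ev.target)
              and basename(ev.image) not in WALLPAPER_ALLOWLIST):
            findings.append(("sets_wallpaper_via_registry", ev))
    return findings


def summarize(findings):
    """Count hits per rule, e.g. {'deletes_shadow_copies': 2, ...}."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


# Constructed sample telemetry (hypothetical paths and SID, not from the report).
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\System32\vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    Event(1, r"C:\Windows\System32\wbem\WMIC.exe", "wmic shadowcopy delete"),
    Event(1, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),  # benign
    Event(11, r"C:\Users\victim\Downloads\sample.exe",
          target=r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe"),
    Event(13, r"C:\Users\victim\Downloads\sample.exe",
          target=SID + r"\Control Panel\Desktop\Wallpaper"),
    Event(13, r"C:\Windows\explorer.exe",
          target=SID + r"\Control Panel\Desktop\Wallpaper"),  # benign: the user changed it
]

if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_EVENTS):
        print(f"{rule:30} {basename(ev.image):14} {ev.command_line or ev.target}")
    print(summarize(detect(SAMPLE_EVENTS)))
```

The wallpaper rule keys on the writing process rather than on the value alone, because the same registry write is routine when made by explorer.exe; the two benign events in the sample set are there to show that the rules stay quiet on them.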
MITRE ATT&CK Enterprise v16

Credential Access
- Credentials from Password Stores (T1555): 2
  - Credentials from Web Browsers (T1555.003): 1
  - Windows Credential Manager (T1555.004): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1