General
-
Target
ByeData.exe
-
Size
102KB
-
Sample
250704-xxdmjsxvdt
-
MD5
704b6118db9f67f7ecb0dd713eb19d55
-
SHA1
4c687c8f6de70d4b4dc71536978cd8fcb537f4b2
-
SHA256
675d85eab55e9d8df703b5fc4a138ad98f5ee35485d8310831dfab4fe320898f
-
SHA512
9b669fd1d2d0ada9aa90a74da5893764705b73d3a735cbb03c854cff0e16b423b57c2d3a3f96a19fa3e09012de3635687db9e13edc7edc6b58375c199731e4f6
-
SSDEEP
1536:x+BLxiTzbXarwzn7z+XY+l6YR5RHhO3+N3+AmjThCp:M2TXX02L+7HRsONON/op
Static task
static1
Behavioral task
behavioral1
Sample
ByeData.exe
Resource
win11-20250610-en
Malware Config
Targets
-
-
Target
ByeData.exe
-
Renames multiple (3265) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1