Credentials in Files
qEjdLfskd47NI5BG.exe
Windows Exe (x86-32)
Created 4 years ago
VMRay Threat Identifiers (9 rules, 5491 matches)
| Severity | Category | Operation | Count | Classification | |
|---|---|---|---|---|---|
5/5 | Antivirus | Malicious content was detected by heuristic scan | 2 | - | |
4/5 | User Data Modification | Modifies content of user files | 1 | Ransomware | |
4/5 | User Data Modification | Renames user files | 1 | Ransomware | |
2/5 | Data Collection | Reads sensitive mail data | 1 | - | |
2/5 | Data Collection | Reads sensitive browser data | 1 | - | |
1/5 | System Modification | Modifies application directory | 5482 | - | |
1/5 | Discovery | Possibly does reconnaissance | 1 | - | |
1/5 | System Modification | Creates an unusually large number of files | 1 | - | |
0/5 | Discovery | Enumerates running processes | 1 | - |
Screenshots
Monitored Processes
MITRE ATT&CK™ Matrix - Windows
ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
File and Directory Discovery
Process Discovery
Lateral Movement
Collection
Automated Collection
Data from Local System
Command and Control
Exfiltration
Impact
Data Encrypted for Impact
Sample Information
| ID | #1573664 |
| MD5 | |
| SHA1 | |
| SHA256 | |
| SSDeep | |
| ImpHash | |
| Filename | qEjdLfskd47NI5BG.exe |
| File Size | 160.50 KB |
| Sample Type | Windows Exe (x86-32) |
Analysis Information
| Creation Time | 2020-11-13 14:11 (UTC+) |
| Analysis Duration | 00:01:59 |
| Number of Monitored Processes | 1 |
| Execution Successful |  |
| Reputation Enabled | |
| WHOIS Enabled |  |
| Local AV Enabled | |
| Local AV Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| YARA Enabled | |
| YARA Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| Number of AV Matches | 2 |
| Number of YARA Matches | 0 |
| Termination Reason | Maximum binlog size reached |
