General
Target: MetadataSys
Size: 348KB
Sample: 200525-sjn2qp1xye
MD5: a705103021bfd908ff3baf3cd7f0d01e
SHA1: 0e618149c4ec7e46e6f32a0aa042c74dc73ca828
SHA256: 91e573ed92344a8eb7110e6af97f10b9f848f25f9f1a0fe411e2eef39e3dc342
SHA512: da72065e999745749fa89a0fa9be72fb89d0ac3fa54e4274732693e355ad2228ed60bede1092c6e691f6e88e19708de7e7672caba2886abbd79ec761c7faf0c6
Static task: static1
Behavioral task: behavioral1
Sample: MetadataSys.exe
Resource: win7v200430
Malware Config
Extracted
Path: C:\readme-warning.txt
Family: makop
Emails: KILLYOUASS@protonmail.com, killyouass@horsefucker.org
Targets
Target: MetadataSys
Size: 348KB
Score: 10/10

Deletes system backup catalog
  Ransomware often tries to delete backup files to inhibit system recovery.
Modifies boot configuration data using bcdedit
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
Adds Run entry to start application
Legitimate hosting services abused for malware hosting/C2
Modifies service
Suspicious use of SetThreadContext