General
-
Target
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.zip
-
Size
66KB
-
Sample
200628-v618yhl3an
-
MD5
06bac88cfcace2c206e05ebc4020e088
-
SHA1
e57a4a5586c9fe6ebbe168fe919d89fdb53d846e
-
SHA256
72abe5d96b5943a52c8e819c04b9886c92c6abb296a23103b27ffa1b9f160bd5
-
SHA512
0f9cb5ea2e461bb15bed7c664996c64442bf42882a78f20f2f6cc474e69b85c206761cb31a09d78960ef895c09cee770a1d9eabc4fcfdbb0b81191b61b88161d
Static task
static1
Behavioral task
behavioral1
Sample
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
Resource
win10
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\!TXDOT_READ_ME!.txt
Targets
-
-
Target
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458
-
Size
156KB
-
MD5
fcd21c6fca3b9378961aa1865bee7ecb
-
SHA1
0abaa05da2a05977e0baf68838cff1712f1789e0
-
SHA256
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458
-
SHA512
e39c1f965f6faeaa33dfec6eba23fbfff14b287f4777797ea79480bb037d6d806516bda7046315e051961fce12e935ac546819c1e0bef5c33568d68955a9792a
Score
10/10
-
Clears Windows event logs
-
Deletes system backup catalog
Ransomware often tries to delete backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables use of System Restore points
-