General
-
Target
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
-
Size
87KB
-
Sample
200907-vrtqcgtwrj
-
MD5
d6d956267a268c9dcf48445629d2803e
-
SHA1
cc0feae505dad9c140dd21d1b40b518d8e61b3a4
-
SHA256
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
-
SHA512
e0791f6eb3116d0590be3af3713c94f787f7ced8e904d4bb8fc0d1341f332053414cb1e9095ae2de041b9e6d6d55cf773bf45ebeb74f27bb95c11a3cc364abee
Malware Config
Targets
-
-
Target
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
-
Size
87KB
-
MD5
d6d956267a268c9dcf48445629d2803e
-
SHA1
cc0feae505dad9c140dd21d1b40b518d8e61b3a4
-
SHA256
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
-
SHA512
e0791f6eb3116d0590be3af3713c94f787f7ced8e904d4bb8fc0d1341f332053414cb1e9095ae2de041b9e6d6d55cf773bf45ebeb74f27bb95c11a3cc364abee
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Defender Real-time Protection settings
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Windows security modification
-
Modifies WinLogon
-
Modifies service
-