Resubmissions
13-04-2024 09:28
240413-lfvc7acf52 1013-04-2024 09:28
240413-lft3esff2x 1013-04-2024 09:28
240413-lfemqsff2t 1013-04-2024 09:27
240413-le61lafe91 1013-04-2024 09:27
240413-le6ptsfe9z 1009-04-2024 08:16
240409-j555wadf8x 1009-04-2024 08:16
240409-j55t4sdf8v 1009-04-2024 08:16
240409-j54xtaad59 1009-04-2024 08:15
240409-j52sfsad57 1004-11-2020 01:00
201104-p65ygpgpnx 9General
-
Target
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
-
Size
483KB
-
Sample
201104-p65ygpgpnx
-
MD5
3265b2b0afc6d2ad0bdd55af8edb9b37
-
SHA1
24272beb676d956ec8a65b95a2615c9075fa9869
-
SHA256
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
-
SHA512
28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94
Malware Config
Targets
-
-
Target
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
-
Size
483KB
-
MD5
3265b2b0afc6d2ad0bdd55af8edb9b37
-
SHA1
24272beb676d956ec8a65b95a2615c9075fa9869
-
SHA256
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
-
SHA512
28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies service
-