General
-
Target
055a178dfb1189e4112fec2c62fccce52742a7d206e28e1a19a388938954bbd7.bin
-
Size
669B
-
Sample
210122-sf1wleb8gx
-
MD5
b4a5e41db4f64b7e42a0dcfff1a93d6c
-
SHA1
9459e181f8a5a48c101d97daeecd68273a721b08
-
SHA256
055a178dfb1189e4112fec2c62fccce52742a7d206e28e1a19a388938954bbd7
-
SHA512
ef543b94f3870e463639c9bb1dfa9b9218cfeecfab04cda11d18cdda3b0d0842f4e4b81265788cff59307d52c2dab0f2175ef277ead96951c598bbfe96c27036
Malware Config
Extracted
http://prorrogaciones.eastus2.cloudapp.azure.com/adv64.zip
Targets
-
-
Target
055a178dfb1189e4112fec2c62fccce52742a7d206e28e1a19a388938954bbd7.bin
-
Size
669B
-
MD5
b4a5e41db4f64b7e42a0dcfff1a93d6c
-
SHA1
9459e181f8a5a48c101d97daeecd68273a721b08
-
SHA256
055a178dfb1189e4112fec2c62fccce52742a7d206e28e1a19a388938954bbd7
-
SHA512
ef543b94f3870e463639c9bb1dfa9b9218cfeecfab04cda11d18cdda3b0d0842f4e4b81265788cff59307d52c2dab0f2175ef277ead96951c598bbfe96c27036
Score10/10-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-