General
-
Target
RenderGraphics.bin
-
Size
1006KB
-
Sample
210218-rkjkj6klle
-
MD5
46a1769d81d7dcda455f0f05b9b29648
-
SHA1
4d56dffea9d04ee8ed174f1b3328675daf4be7b1
-
SHA256
9e4f1334d3712298cb3d18e38cd954c893c890d09ad457683c8d7956a9bdb635
-
SHA512
8c8ed91b996f84807be1337fe770db4eadd0a7da00fe0545f6de86bd577054dc9a3df22cd81e25ffb4f1ea3e7642409ff9e01a57c582abb099719b069c9fc193
Malware Config
Extracted
https://cdn-35.anonfiles.com/9821W1G5p3/8a0b1f8a-1613613819/gameover.exe
Targets
-
-
Target
RenderGraphics.bin
-
Size
1006KB
-
MD5
46a1769d81d7dcda455f0f05b9b29648
-
SHA1
4d56dffea9d04ee8ed174f1b3328675daf4be7b1
-
SHA256
9e4f1334d3712298cb3d18e38cd954c893c890d09ad457683c8d7956a9bdb635
-
SHA512
8c8ed91b996f84807be1337fe770db4eadd0a7da00fe0545f6de86bd577054dc9a3df22cd81e25ffb4f1ea3e7642409ff9e01a57c582abb099719b069c9fc193
Score10/10-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-