General
-
Target
158a1982fe4817594301200a8cbadf44d0b893bdd9060f9e7790fae0b556ef9e
-
Size
1.0MB
-
Sample
210511-3zysajs2ke
-
MD5
55ac736a7fd1e0a00afb7a1bf889acf5
-
SHA1
dbd3f2f7553d5f3059a7144e2f4ae4f7d9e2e01c
-
SHA256
158a1982fe4817594301200a8cbadf44d0b893bdd9060f9e7790fae0b556ef9e
-
SHA512
3f0d00e4567295501b421e3e749fec215c9a119413b90fde56ac0eefcfd3727eb42bb9456196a818c5990bfb57de1649409dc9d159c2713a294c114160eb05d2
Malware Config
Targets
-
-
Target
158a1982fe4817594301200a8cbadf44d0b893bdd9060f9e7790fae0b556ef9e
-
Size
1.0MB
-
MD5
55ac736a7fd1e0a00afb7a1bf889acf5
-
SHA1
dbd3f2f7553d5f3059a7144e2f4ae4f7d9e2e01c
-
SHA256
158a1982fe4817594301200a8cbadf44d0b893bdd9060f9e7790fae0b556ef9e
-
SHA512
3f0d00e4567295501b421e3e749fec215c9a119413b90fde56ac0eefcfd3727eb42bb9456196a818c5990bfb57de1649409dc9d159c2713a294c114160eb05d2
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-