General
-
Target
0566d4629180e86a020543d028f5406d11e39f6a9f656ebc40adb751a4c4d5da
-
Size
628KB
-
Sample
210511-48ddvjkzlx
-
MD5
0c8a49f191c0992b2b7343f2ae3f6d91
-
SHA1
622fab7f3e067148021c4684d98dc5df61f889db
-
SHA256
0566d4629180e86a020543d028f5406d11e39f6a9f656ebc40adb751a4c4d5da
-
SHA512
4944ad2ecdf92492ef173e8d783d3a1f803354535ff50a6d72b29fb9fcd19e0e528fe576da256ae5520f3800fa6d74952aa5322bdb11ac996b456fa7b398f9a7
Malware Config
Targets
-
-
Target
0566d4629180e86a020543d028f5406d11e39f6a9f656ebc40adb751a4c4d5da
-
Size
628KB
-
MD5
0c8a49f191c0992b2b7343f2ae3f6d91
-
SHA1
622fab7f3e067148021c4684d98dc5df61f889db
-
SHA256
0566d4629180e86a020543d028f5406d11e39f6a9f656ebc40adb751a4c4d5da
-
SHA512
4944ad2ecdf92492ef173e8d783d3a1f803354535ff50a6d72b29fb9fcd19e0e528fe576da256ae5520f3800fa6d74952aa5322bdb11ac996b456fa7b398f9a7
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-