General
-
Target
Covid.exe
-
Size
282KB
-
Sample
210625-4w819tb8fn
-
MD5
59a11294cc1496126fcd9af1a3371d0b
-
SHA1
68af606a3befec2e42564c9d4015d97c33fbfab9
-
SHA256
2a19c30b45f7d6c70ee5ed2229205587ec7ac00f6c5d3c3b2007989ed45e8a91
-
SHA512
b39c7ddedcf89a2854a8a2603d11d4f79ac443e9789e6833248704b4d7e47d62147a2c6b5a858e293afe10a9dd1c5aa28e56a38103118ecad928246437752213
Malware Config
Targets
-
-
Target
Covid.exe
-
Size
282KB
-
MD5
59a11294cc1496126fcd9af1a3371d0b
-
SHA1
68af606a3befec2e42564c9d4015d97c33fbfab9
-
SHA256
2a19c30b45f7d6c70ee5ed2229205587ec7ac00f6c5d3c3b2007989ed45e8a91
-
SHA512
b39c7ddedcf89a2854a8a2603d11d4f79ac443e9789e6833248704b4d7e47d62147a2c6b5a858e293afe10a9dd1c5aa28e56a38103118ecad928246437752213
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-