General
-
Target
09fd6a13fbe723eec2fbe043115210c1538d77627b93feeb9e600639d20bb332.sample
-
Size
364KB
-
Sample
210726-er8asqjjkn
-
MD5
112eb679962825584438d88bfc7707c3
-
SHA1
18529b6bef216231c34b2701eb3894ca2dd3a5ba
-
SHA256
09fd6a13fbe723eec2fbe043115210c1538d77627b93feeb9e600639d20bb332
-
SHA512
1d4dc051312ed3cc2f4d111a09e2de8b3aacfc03e42765ef7f997147c803ea82db91eeb3d925601e1e3184b82c45808ab654774a41060b4f43746bfb0c40368e
Malware Config
Targets
-
-
Target
09fd6a13fbe723eec2fbe043115210c1538d77627b93feeb9e600639d20bb332.sample
-
Size
364KB
-
MD5
112eb679962825584438d88bfc7707c3
-
SHA1
18529b6bef216231c34b2701eb3894ca2dd3a5ba
-
SHA256
09fd6a13fbe723eec2fbe043115210c1538d77627b93feeb9e600639d20bb332
-
SHA512
1d4dc051312ed3cc2f4d111a09e2de8b3aacfc03e42765ef7f997147c803ea82db91eeb3d925601e1e3184b82c45808ab654774a41060b4f43746bfb0c40368e
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-