General
-
Target
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89
-
Size
366KB
-
Sample
211029-k7w6esdad6
-
MD5
a24e438b9535cfb06f66dbd5b11a7680
-
SHA1
f998c708668743677064db9307cf274c17dd9a5a
-
SHA256
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89
-
SHA512
b65c5fac207297fe0219f03779729789de443880b1d71f099ec29a17183f37a1d9d8f1f2d4484f5fc95fa647562fd565e20a1f4a81b61d89e078a8405f41c5fa
Static task
static1
Behavioral task
behavioral1
Sample
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89.exe
Resource
win10-en-20211014
Malware Config
Targets
-
Target
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89
-
Size
366KB
-
MD5
a24e438b9535cfb06f66dbd5b11a7680
-
SHA1
f998c708668743677064db9307cf274c17dd9a5a
-
SHA256
34de4b269fe0721f4323dc549545fa5575a1bd5178174d382d0cee730eac5d89
-
SHA512
b65c5fac207297fe0219f03779729789de443880b1d71f099ec29a17183f37a1d9d8f1f2d4484f5fc95fa647562fd565e20a1f4a81b61d89e078a8405f41c5fa
Score
10/10
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Downloads PsExec from SysInternals website
Sysinternals tools like PsExec are often leveraged maliciously by malware families due to being commonly used by testers/administrators.
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies WinLogon
-