General
-
Target
64c51351aafb4cd339934a78d064847bdd833b963eafbade86eb51ac2c1677f4.bin.sample
-
Size
156KB
-
Sample
211130-qkt1faabf7
-
MD5
1af3b3dbc826f6dadf14025588ff96f6
-
SHA1
5238ba19bb3c7298ee13fe6eb0cf5f8787c13cd8
-
SHA256
64c51351aafb4cd339934a78d064847bdd833b963eafbade86eb51ac2c1677f4
-
SHA512
a2dfefe1e78e3267755e45cefb88ffc65240b6c0aaf8546480ce38a2d6432f7907be86aeb579095e4781b21a0125434e6c945777ca50362765ce63324aac282d
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\!TXDOT_READ_ME!.txt
Targets
-
-
Target
64c51351aafb4cd339934a78d064847bdd833b963eafbade86eb51ac2c1677f4.bin.sample
-
Size
156KB
-
MD5
1af3b3dbc826f6dadf14025588ff96f6
-
SHA1
5238ba19bb3c7298ee13fe6eb0cf5f8787c13cd8
-
SHA256
64c51351aafb4cd339934a78d064847bdd833b963eafbade86eb51ac2c1677f4
-
SHA512
a2dfefe1e78e3267755e45cefb88ffc65240b6c0aaf8546480ce38a2d6432f7907be86aeb579095e4781b21a0125434e6c945777ca50362765ce63324aac282d
Score10/10-
Deletes NTFS Change Journal
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
-
RansomEXX Ransomware
Targeted ransomware with variants which affect Windows and Linux systems.
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables use of System Restore points
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Overwrites deleted data with Cipher tool
Cipher is a Windows tool which be used to securely wipe deallocated HDD space, preventing recovery of deleted data.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-