General
-
Target
0214740257d4e56dc517282a8b9cd0281c8317f970cce810eedc586afdda8f45
-
Size
462KB
-
Sample
220523-t3btcsacal
-
MD5
ce21fc7287d1f563531dd7ba6d1995ae
-
SHA1
a5cd1be66465fd948343b9e7855138d68f8a0d76
-
SHA256
0214740257d4e56dc517282a8b9cd0281c8317f970cce810eedc586afdda8f45
-
SHA512
8467c48d9ea26a32e65150ae743e1d17327fb0e13eabcdc404215b9cb3d1bc1b085c3478fd5282ab3aae900b45ab55bf6e61b0f8f692e6a5613be15f768cb4a3
Malware Config
Targets
-
-
Target
0214740257d4e56dc517282a8b9cd0281c8317f970cce810eedc586afdda8f45
-
Size
462KB
-
MD5
ce21fc7287d1f563531dd7ba6d1995ae
-
SHA1
a5cd1be66465fd948343b9e7855138d68f8a0d76
-
SHA256
0214740257d4e56dc517282a8b9cd0281c8317f970cce810eedc586afdda8f45
-
SHA512
8467c48d9ea26a32e65150ae743e1d17327fb0e13eabcdc404215b9cb3d1bc1b085c3478fd5282ab3aae900b45ab55bf6e61b0f8f692e6a5613be15f768cb4a3
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-