General
-
Target
elast.exe
-
Size
79KB
-
Sample
220628-m6zk9sagf4
-
MD5
344d23c036cf33a82cf9a454a90ff274
-
SHA1
2a650979c1272dd52a3f4374e722f7a1acc72b06
-
SHA256
d57f4a81dcbfd938b8beca24957ea0854a0fe93dcea5d0f24e94412d485de00c
-
SHA512
68bcabcc53239d6a64da60b7d25456a766bcd138c06499dcb8d6295f6b26ebdd1fadad533319b7a812c7dace4108bc82367fe685c6ba547670fb75310832a8b8
Malware Config
Targets
-
-
Target
elast.exe
-
Size
79KB
-
MD5
344d23c036cf33a82cf9a454a90ff274
-
SHA1
2a650979c1272dd52a3f4374e722f7a1acc72b06
-
SHA256
d57f4a81dcbfd938b8beca24957ea0854a0fe93dcea5d0f24e94412d485de00c
-
SHA512
68bcabcc53239d6a64da60b7d25456a766bcd138c06499dcb8d6295f6b26ebdd1fadad533319b7a812c7dace4108bc82367fe685c6ba547670fb75310832a8b8
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-