General
-
Target
HEUR-Trojan-Ransom.Win32.Generic-951343ad48c001f7042ba6f718547e4a0e5d883ea02c4bb58525c8b6c11dd855.exe
-
Size
61KB
-
Sample
220925-e6hzhseefp
-
MD5
0149239a714562542894473bba7585f0
-
SHA1
638662ca1b4c75eb6aaa6866f5fad09ce94a4460
-
SHA256
951343ad48c001f7042ba6f718547e4a0e5d883ea02c4bb58525c8b6c11dd855
-
SHA512
6bb10f166cafbc553ebd2c557c3e55c4ed64d62d0f8b8364a7e57f779eb4bd3f071e358aff35414224d7a4c9ae11935a86385ef0c44773e1ae88a37a5884cc0c
-
SSDEEP
768:mKsMqCXfVcWO/M9ZkiANIUS3GYLDwUzc80gmq3oP/oDU:mKseiM9ZkiAPOr/0O8/oQ
Malware Config
Targets
-
-
Target
HEUR-Trojan-Ransom.Win32.Generic-951343ad48c001f7042ba6f718547e4a0e5d883ea02c4bb58525c8b6c11dd855.exe
-
Size
61KB
-
MD5
0149239a714562542894473bba7585f0
-
SHA1
638662ca1b4c75eb6aaa6866f5fad09ce94a4460
-
SHA256
951343ad48c001f7042ba6f718547e4a0e5d883ea02c4bb58525c8b6c11dd855
-
SHA512
6bb10f166cafbc553ebd2c557c3e55c4ed64d62d0f8b8364a7e57f779eb4bd3f071e358aff35414224d7a4c9ae11935a86385ef0c44773e1ae88a37a5884cc0c
-
SSDEEP
768:mKsMqCXfVcWO/M9ZkiANIUS3GYLDwUzc80gmq3oP/oDU:mKseiM9ZkiAPOr/0O8/oQ
Score8/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-