General
Target: e279f219dd7550b63cacd1e6fea8016ff325db5a0f9c7f1f66a57d545ae44080
Size: 655KB
Sample: 221001-vy695sheej
MD5: 6d4d9bf5a771478c98adff6bc1f8de30
SHA1: 05a294c8f80bcc44da5a50d9d388b09e22f3d85e
SHA256: e279f219dd7550b63cacd1e6fea8016ff325db5a0f9c7f1f66a57d545ae44080
SHA512: c7ac5b91654d9173cb7cabb64b8e717f69f109a7c8b52746cc63b6fad2d3e007eb67af49849f0698972c10da94390daac8e91cfbef9ed072dfa41942525de17d
SSDEEP: 12288:0FrmRgot0jN+HLdgoA1Zn8x8PzenT/coO1Lxclv+q/Jtf2miHmJhahx:0lQjLObPSTf6qRtO4JhEx
Static task: static1
Behavioral task: behavioral1
  Sample: e279f219dd7550b63cacd1e6fea8016ff325db5a0f9c7f1f66a57d545ae44080.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e279f219dd7550b63cacd1e6fea8016ff325db5a0f9c7f1f66a57d545ae44080.exe
  Resource: win10v2004-20220812-en
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory