General
-
Target
598837c9a949b7886cdf6fe62d61cac4efc7bb55ac898b376334c75f178ea7ca.exe
-
Size
4.6MB
-
Sample
221005-ql8j8aede8
-
MD5
b9633cbd2d5d981610b3f99cfa6a3f51
-
SHA1
64ca6877c0ad115191d950b11df709854dbb6807
-
SHA256
598837c9a949b7886cdf6fe62d61cac4efc7bb55ac898b376334c75f178ea7ca
-
SHA512
8d05dcc9c942c87657802835a334c654a775a179fa1c99c8ef227d6114f62045a82431a14e3f3b47d6840ced21924d2b1b229a4a8838214198a77b492d356c4e
-
SSDEEP
24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3Dkd9+ZDd3vNSM0y9s:NjLuSh3i+FtvkMzT+TIR
Malware Config
Targets
-
-
Target
598837c9a949b7886cdf6fe62d61cac4efc7bb55ac898b376334c75f178ea7ca.exe
-
Size
4.6MB
-
MD5
b9633cbd2d5d981610b3f99cfa6a3f51
-
SHA1
64ca6877c0ad115191d950b11df709854dbb6807
-
SHA256
598837c9a949b7886cdf6fe62d61cac4efc7bb55ac898b376334c75f178ea7ca
-
SHA512
8d05dcc9c942c87657802835a334c654a775a179fa1c99c8ef227d6114f62045a82431a14e3f3b47d6840ced21924d2b1b229a4a8838214198a77b492d356c4e
-
SSDEEP
24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3Dkd9+ZDd3vNSM0y9s:NjLuSh3i+FtvkMzT+TIR
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-