General
-
Target
9f0fbbe5375d3da8272a22140f3da5970bf46b96ef78aef93d6cb0bc3638a8d9
-
Size
10.0MB
-
Sample
221008-jqjnbsedb3
-
MD5
403f9e597ff833a0bb1dd71d9c3a9332
-
SHA1
28fcb1ffaa4647a73a52c45d39fbf22b72f93272
-
SHA256
9f0fbbe5375d3da8272a22140f3da5970bf46b96ef78aef93d6cb0bc3638a8d9
-
SHA512
b7038e4f9867c6c854476cee44192d343ef265959a1b4911bebad884d64f0bcd32ca6cd0df1dcc8df4fceb285619dcc64d8fc18e6a0b303b3ec8fac997376ec8
-
SSDEEP
49152:NjLuSh3i+FtvkMzT+TIRMFJsDFfV59MsU8BBWKcFO72ZKsm6zB:NLu1TIRMFJswsDBBqa2ZZzB
Malware Config
Targets
-
-
Target
9f0fbbe5375d3da8272a22140f3da5970bf46b96ef78aef93d6cb0bc3638a8d9
-
Size
10.0MB
-
MD5
403f9e597ff833a0bb1dd71d9c3a9332
-
SHA1
28fcb1ffaa4647a73a52c45d39fbf22b72f93272
-
SHA256
9f0fbbe5375d3da8272a22140f3da5970bf46b96ef78aef93d6cb0bc3638a8d9
-
SHA512
b7038e4f9867c6c854476cee44192d343ef265959a1b4911bebad884d64f0bcd32ca6cd0df1dcc8df4fceb285619dcc64d8fc18e6a0b303b3ec8fac997376ec8
-
SSDEEP
49152:NjLuSh3i+FtvkMzT+TIRMFJsDFfV59MsU8BBWKcFO72ZKsm6zB:NLu1TIRMFJswsDBBqa2ZZzB
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-