General
-
Target
6391db48124aca767b7c2a08bd0ccbe84c6e651901bc67bee0ffbfba9f15e796
-
Size
890KB
-
Sample
221010-s784zscdf2
-
MD5
879383db78afcedf8d83d9c982358149
-
SHA1
f7887e6d1e460869e9276eb1300e2331a16f0855
-
SHA256
6391db48124aca767b7c2a08bd0ccbe84c6e651901bc67bee0ffbfba9f15e796
-
SHA512
eabde3f2e8a6f4e9acd7e601f9a2ef42ec35aff67a7a2a0b0a55182b2be62700b511220b2587cea4a0c9cc15d9e9bf9f4dc2be2e3621d5d028c599165581b1ba
-
SSDEEP
12288:lKKKKKKKKKK+8iUpeUhWxcQxx7exL6tgFUcPXCk3McMyFNJGYBYsY3NvGPiveO5Z:lKKKKKKKKKK+8iCeUhWxcYO04Xppc9
Malware Config
Targets
-
-
Target
6391db48124aca767b7c2a08bd0ccbe84c6e651901bc67bee0ffbfba9f15e796
-
Size
890KB
-
MD5
879383db78afcedf8d83d9c982358149
-
SHA1
f7887e6d1e460869e9276eb1300e2331a16f0855
-
SHA256
6391db48124aca767b7c2a08bd0ccbe84c6e651901bc67bee0ffbfba9f15e796
-
SHA512
eabde3f2e8a6f4e9acd7e601f9a2ef42ec35aff67a7a2a0b0a55182b2be62700b511220b2587cea4a0c9cc15d9e9bf9f4dc2be2e3621d5d028c599165581b1ba
-
SSDEEP
12288:lKKKKKKKKKK+8iUpeUhWxcQxx7exL6tgFUcPXCk3McMyFNJGYBYsY3NvGPiveO5Z:lKKKKKKKKKK+8iCeUhWxcYO04Xppc9
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-