General
-
Target
6c52784fd8c27230485e19657d352e013f7d9e751b26a571c690576f845f45dc
-
Size
469KB
-
Sample
221011-ns69macgak
-
MD5
695e2e0f57248d7ffff4eb57a47a9f70
-
SHA1
b33306a944f96113b63a6f737b1e58fa4b059d38
-
SHA256
6c52784fd8c27230485e19657d352e013f7d9e751b26a571c690576f845f45dc
-
SHA512
25596bc420fdd8490178ea2eee96e02a0d29b6ad2bb0a23263ef3b8f8ed936deb7a54686e3e40559c586ce7b8a14694d011e6b8a9354850152fca12e61c2b601
-
SSDEEP
12288:tmoW3zuCkypEg3XvoOr+4EzgAzOiq0MGrAHOBHsrE/vnrm9wyXW18vT:MoW36knXvD+ZzgWOirsHQ/y9SOT
Malware Config
Targets
-
-
Target
6c52784fd8c27230485e19657d352e013f7d9e751b26a571c690576f845f45dc
-
Size
469KB
-
MD5
695e2e0f57248d7ffff4eb57a47a9f70
-
SHA1
b33306a944f96113b63a6f737b1e58fa4b059d38
-
SHA256
6c52784fd8c27230485e19657d352e013f7d9e751b26a571c690576f845f45dc
-
SHA512
25596bc420fdd8490178ea2eee96e02a0d29b6ad2bb0a23263ef3b8f8ed936deb7a54686e3e40559c586ce7b8a14694d011e6b8a9354850152fca12e61c2b601
-
SSDEEP
12288:tmoW3zuCkypEg3XvoOr+4EzgAzOiq0MGrAHOBHsrE/vnrm9wyXW18vT:MoW36knXvD+ZzgWOirsHQ/y9SOT
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-