General
-
Target
3a4727511ff716d762e6ff9d53375a41595be6ee3f6180774f016cabd8c432e3.exe
-
Size
8.4MB
-
Sample
221012-ntewrsdddp
-
MD5
a1539266fdc1e363aa9f9d3c31426499
-
SHA1
703a66f96ef0f6073c19b204d67474e766590f0c
-
SHA256
3a4727511ff716d762e6ff9d53375a41595be6ee3f6180774f016cabd8c432e3
-
SHA512
1260b5735bac6a22a3f876b45c5019d706b4614988ccae8f246da04af305dca762add38da70dd392899769c520f2899ff0a0b7eaab7441f0439a968b194994ff
-
SSDEEP
98304:ZLu1g9ZGlWrfTZmHqXE9ssD/QjI+1ozfLu1TIRtUOV5ZK3psErUtgKpjF:Zd9JTZksaJ+1orTRt23psErUtjp
Malware Config
Targets
-
-
Target
3a4727511ff716d762e6ff9d53375a41595be6ee3f6180774f016cabd8c432e3.exe
-
Size
8.4MB
-
MD5
a1539266fdc1e363aa9f9d3c31426499
-
SHA1
703a66f96ef0f6073c19b204d67474e766590f0c
-
SHA256
3a4727511ff716d762e6ff9d53375a41595be6ee3f6180774f016cabd8c432e3
-
SHA512
1260b5735bac6a22a3f876b45c5019d706b4614988ccae8f246da04af305dca762add38da70dd392899769c520f2899ff0a0b7eaab7441f0439a968b194994ff
-
SSDEEP
98304:ZLu1g9ZGlWrfTZmHqXE9ssD/QjI+1ozfLu1TIRtUOV5ZK3psErUtgKpjF:Zd9JTZksaJ+1orTRt23psErUtjp
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-