General
-
Target
ff054c66176b2e4e66ee16b6c3302274be96ed5498662774405e68387edcc40f.exe
-
Size
15.1MB
-
Sample
221016-h7h8fshah5
-
MD5
94fb4a882da1ce62387d0d647271a9b7
-
SHA1
0212e25674e3f5b523cd9c8669dcc1bbd3af19c9
-
SHA256
ff054c66176b2e4e66ee16b6c3302274be96ed5498662774405e68387edcc40f
-
SHA512
1f6c99d6699aaa90ea00247801814ae04c41a6f3e75f26b6d9c4208866658953f28e95a3da9ed763c9c6d4b0e9f84fafda1469030227529208cc15c017d9c893
-
SSDEEP
196608:HDL6+/m9F2Qc5GXQkzCRP/2v1cFDdmyQhaCfLDJkdJka5JpwH:HDLpAUl2tDP0WDOdJka5JpwH
Malware Config
Targets
-
-
Target
ff054c66176b2e4e66ee16b6c3302274be96ed5498662774405e68387edcc40f.exe
-
Size
15.1MB
-
MD5
94fb4a882da1ce62387d0d647271a9b7
-
SHA1
0212e25674e3f5b523cd9c8669dcc1bbd3af19c9
-
SHA256
ff054c66176b2e4e66ee16b6c3302274be96ed5498662774405e68387edcc40f
-
SHA512
1f6c99d6699aaa90ea00247801814ae04c41a6f3e75f26b6d9c4208866658953f28e95a3da9ed763c9c6d4b0e9f84fafda1469030227529208cc15c017d9c893
-
SSDEEP
196608:HDL6+/m9F2Qc5GXQkzCRP/2v1cFDdmyQhaCfLDJkdJka5JpwH:HDLpAUl2tDP0WDOdJka5JpwH
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-