General
-
Target
27f10b57f169b5e5468245cdb59ebfa0ac276b843f4fb7b47794da0125336b4a.exe
-
Size
938KB
-
Sample
221016-qtvnbshfa5
-
MD5
2981bf227b5b5dc595e7a01239272af4
-
SHA1
6469bc2bdf7a6fc8a1623233141dced9a759cbd2
-
SHA256
27f10b57f169b5e5468245cdb59ebfa0ac276b843f4fb7b47794da0125336b4a
-
SHA512
4985e95568d8f020858db0aa02c5de97741ac037139fd8091967b2f7e28241897f53233ddf2c166ac025d8efa637aab0861f3564a962a83a690a3a6dac40067e
-
SSDEEP
24576:lKKKKKKKKKKKKsxr4cQFTj0OZeVJAjCMvGdLtv:WqcQFTIOZeUGVtv
Malware Config
Targets
-
-
Target
27f10b57f169b5e5468245cdb59ebfa0ac276b843f4fb7b47794da0125336b4a.exe
-
Size
938KB
-
MD5
2981bf227b5b5dc595e7a01239272af4
-
SHA1
6469bc2bdf7a6fc8a1623233141dced9a759cbd2
-
SHA256
27f10b57f169b5e5468245cdb59ebfa0ac276b843f4fb7b47794da0125336b4a
-
SHA512
4985e95568d8f020858db0aa02c5de97741ac037139fd8091967b2f7e28241897f53233ddf2c166ac025d8efa637aab0861f3564a962a83a690a3a6dac40067e
-
SSDEEP
24576:lKKKKKKKKKKKKsxr4cQFTj0OZeVJAjCMvGdLtv:WqcQFTIOZeUGVtv
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-