General
-
Target
ef0362f14d9e7a3ce85bb01bb2d81db71879a71e4cdc778290ceecf0ea2c5179
-
Size
8.4MB
-
Sample
221018-ssa9eagefj
-
MD5
f16c5c924d238957862f1835b66c1eeb
-
SHA1
d384a1ffed87019aa31b33fb3dea33e8a0989f0f
-
SHA256
ef0362f14d9e7a3ce85bb01bb2d81db71879a71e4cdc778290ceecf0ea2c5179
-
SHA512
95cd9eea8561d14e92bf7e9eb5dd444db471c9495b9cbedfc23301a8b5c4780b7cd094abe80d25bd023b50275ed52fa0a05333338c77c64f796453b616473f8c
-
SSDEEP
49152:mjLuSh3i+FtvkMzT+8Re0ZGxbxcgsIsTZm:aLu1g9ZGlWrfTZm
Malware Config
Targets
-
-
Target
ef0362f14d9e7a3ce85bb01bb2d81db71879a71e4cdc778290ceecf0ea2c5179
-
Size
8.4MB
-
MD5
f16c5c924d238957862f1835b66c1eeb
-
SHA1
d384a1ffed87019aa31b33fb3dea33e8a0989f0f
-
SHA256
ef0362f14d9e7a3ce85bb01bb2d81db71879a71e4cdc778290ceecf0ea2c5179
-
SHA512
95cd9eea8561d14e92bf7e9eb5dd444db471c9495b9cbedfc23301a8b5c4780b7cd094abe80d25bd023b50275ed52fa0a05333338c77c64f796453b616473f8c
-
SSDEEP
49152:mjLuSh3i+FtvkMzT+8Re0ZGxbxcgsIsTZm:aLu1g9ZGlWrfTZm
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-