General
-
Target
fd3255851116bd8cf83003ef8fc8a20908742a6731b305e4bfaeb8d4d6488afc
-
Size
15.0MB
-
Sample
221018-yfa1rsdhgq
-
MD5
74b468644581a51d57eef4ecb2d819e1
-
SHA1
7357afddac1fa948c7e60af6806d3d9cbc6d34d4
-
SHA256
fd3255851116bd8cf83003ef8fc8a20908742a6731b305e4bfaeb8d4d6488afc
-
SHA512
988dec8102071252f21cfdfcf772b1f187981dc6049209824de1c32c631b30622c9c5d6499f05172fbb8ef74fb3049948ee9ce3fe18fa3cf1178b0cd6cdc9ee9
-
SSDEEP
98304:9Lu94TWAaNL2dqV33xAhe2c9DuFJswsDBBqa2ZZzRTC0rBC3FO:90RAad2cxAjAiJsBDBBYFTC0rBC3s
Malware Config
Targets
-
-
Target
fd3255851116bd8cf83003ef8fc8a20908742a6731b305e4bfaeb8d4d6488afc
-
Size
15.0MB
-
MD5
74b468644581a51d57eef4ecb2d819e1
-
SHA1
7357afddac1fa948c7e60af6806d3d9cbc6d34d4
-
SHA256
fd3255851116bd8cf83003ef8fc8a20908742a6731b305e4bfaeb8d4d6488afc
-
SHA512
988dec8102071252f21cfdfcf772b1f187981dc6049209824de1c32c631b30622c9c5d6499f05172fbb8ef74fb3049948ee9ce3fe18fa3cf1178b0cd6cdc9ee9
-
SSDEEP
98304:9Lu94TWAaNL2dqV33xAhe2c9DuFJswsDBBqa2ZZzRTC0rBC3FO:90RAad2cxAjAiJsBDBBYFTC0rBC3s
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-