General
-
Target
816b38715d947aff5a70fa60336c19b8f559ade025ee6a88026f4eabea8e49d1
-
Size
356KB
-
Sample
221025-dhv4habdc3
-
MD5
01296c877b9e8367bbafda0f96678aee
-
SHA1
1994086132e0c57d3d284d34cfe52f4ab788f586
-
SHA256
816b38715d947aff5a70fa60336c19b8f559ade025ee6a88026f4eabea8e49d1
-
SHA512
0074071ce94673d44f4d26d4ee868689201cf53845e6e73d93e2a1ec70d75a621316f5d6d9a42a36744627020f77d3ddcf4811e97754f3ae2b48fe77771a2c4c
-
SSDEEP
6144:e98L598L598L598lmyOyG2XCRVtmedhnK8OTK0hQqPhjVd8kU2UFeRSBSmn8XMgG:lKK+myOyG2XCRVtRhnCTBRy8pRYAqNf
Malware Config
Targets
-
-
Target
816b38715d947aff5a70fa60336c19b8f559ade025ee6a88026f4eabea8e49d1
-
Size
356KB
-
MD5
01296c877b9e8367bbafda0f96678aee
-
SHA1
1994086132e0c57d3d284d34cfe52f4ab788f586
-
SHA256
816b38715d947aff5a70fa60336c19b8f559ade025ee6a88026f4eabea8e49d1
-
SHA512
0074071ce94673d44f4d26d4ee868689201cf53845e6e73d93e2a1ec70d75a621316f5d6d9a42a36744627020f77d3ddcf4811e97754f3ae2b48fe77771a2c4c
-
SSDEEP
6144:e98L598L598L598lmyOyG2XCRVtmedhnK8OTK0hQqPhjVd8kU2UFeRSBSmn8XMgG:lKK+myOyG2XCRVtRhnCTBRy8pRYAqNf
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-