General
-
Target
2d052aca846f76ac48f7e2eaf03984d38167cfcfa564594625c927cdcdf3f1b5
-
Size
6.3MB
-
Sample
221026-xnylcsgffr
-
MD5
5f74727d43c46c854f65f08682620b5c
-
SHA1
798e5c24c2c4885e11f5c97902dea98615e3e717
-
SHA256
2d052aca846f76ac48f7e2eaf03984d38167cfcfa564594625c927cdcdf3f1b5
-
SHA512
8087243a034c752071e66f159a269ac5a5e3310839dc81e38524f12896c70a192f76fc09853aa19fc64ad88c4738a04f3af070a456e33fb2f2945b12b23c63ed
-
SSDEEP
98304:2NOLtQus6pMpsoPXdN9JIB5kHYKQwYucWrWrW8t+g3FU:2NOLp7pMpsMNN9JVHYFwYnWrWrW5b
Malware Config
Targets
-
-
Target
2d052aca846f76ac48f7e2eaf03984d38167cfcfa564594625c927cdcdf3f1b5
-
Size
6.3MB
-
MD5
5f74727d43c46c854f65f08682620b5c
-
SHA1
798e5c24c2c4885e11f5c97902dea98615e3e717
-
SHA256
2d052aca846f76ac48f7e2eaf03984d38167cfcfa564594625c927cdcdf3f1b5
-
SHA512
8087243a034c752071e66f159a269ac5a5e3310839dc81e38524f12896c70a192f76fc09853aa19fc64ad88c4738a04f3af070a456e33fb2f2945b12b23c63ed
-
SSDEEP
98304:2NOLtQus6pMpsoPXdN9JIB5kHYKQwYucWrWrW8t+g3FU:2NOLp7pMpsMNN9JVHYFwYnWrWrW5b
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-