General
-
Target
95126e2d03c734c5f81b350415f21e976849873c3cf549eed9f7dfdd0354b2bf
-
Size
6.2MB
-
Sample
221027-m4sd6sbhhl
-
MD5
be7402afe7aef72152011881326aa5c6
-
SHA1
9b1b8de0547112b27105bd39f26de18c96be929e
-
SHA256
95126e2d03c734c5f81b350415f21e976849873c3cf549eed9f7dfdd0354b2bf
-
SHA512
5605bce6529b564f5125d3e5d6eb165e0f2a7144eb1090ebc3833c977ce58b68d85e7ff8cc2cac081725897cc9224ac13c9df9b0d165eb0736b967cc173056f3
-
SSDEEP
49152:JqcQFTIOZeN04TTv2tyVY81DasilJoab20Maoc5+OcoP1xbaHdLHkJEZ11QAfloo:4cQUO4TbO81DaLlJoab8aocpj+DheTp+
Malware Config
Targets
-
-
Target
95126e2d03c734c5f81b350415f21e976849873c3cf549eed9f7dfdd0354b2bf
-
Size
6.2MB
-
MD5
be7402afe7aef72152011881326aa5c6
-
SHA1
9b1b8de0547112b27105bd39f26de18c96be929e
-
SHA256
95126e2d03c734c5f81b350415f21e976849873c3cf549eed9f7dfdd0354b2bf
-
SHA512
5605bce6529b564f5125d3e5d6eb165e0f2a7144eb1090ebc3833c977ce58b68d85e7ff8cc2cac081725897cc9224ac13c9df9b0d165eb0736b967cc173056f3
-
SSDEEP
49152:JqcQFTIOZeN04TTv2tyVY81DasilJoab20Maoc5+OcoP1xbaHdLHkJEZ11QAfloo:4cQUO4TbO81DaLlJoab8aocpj+DheTp+
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-