General
-
Target
862dfab82b9468b58c841bcc780c42835fb061d983298eac8f16b973137bdc31
-
Size
493KB
-
Sample
221030-2ctkgseaem
-
MD5
91bd1e636e9b22b27ee5ff26c0013b90
-
SHA1
780e4aaf6645b9acb08db9a31297531e27166941
-
SHA256
862dfab82b9468b58c841bcc780c42835fb061d983298eac8f16b973137bdc31
-
SHA512
3a2fbcefe28e103141f1bda319d9ffc9d44d249b0a5755c292e282f8047fff8678964d291733eaeab630fab30e0daa54ebcc3bf7b63b17434a5d93db53032feb
-
SSDEEP
12288:Ij/tO6OU85qlIFAktw4Pi0YYIJgXa6ESJy8AR5SJ:qHOJqWmkpPi0YYIJiPN6A
Malware Config
Targets
-
-
Target
862dfab82b9468b58c841bcc780c42835fb061d983298eac8f16b973137bdc31
-
Size
493KB
-
MD5
91bd1e636e9b22b27ee5ff26c0013b90
-
SHA1
780e4aaf6645b9acb08db9a31297531e27166941
-
SHA256
862dfab82b9468b58c841bcc780c42835fb061d983298eac8f16b973137bdc31
-
SHA512
3a2fbcefe28e103141f1bda319d9ffc9d44d249b0a5755c292e282f8047fff8678964d291733eaeab630fab30e0daa54ebcc3bf7b63b17434a5d93db53032feb
-
SSDEEP
12288:Ij/tO6OU85qlIFAktw4Pi0YYIJgXa6ESJy8AR5SJ:qHOJqWmkpPi0YYIJiPN6A
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-