General

  • Target

    ddc016c4106eb349e0d219f2ec70ba1428d3bc0e1b6aeb0b9f4a6242169b6605.exe

  • Size

    69KB

  • Sample

    221101-xnhj5sfbal

  • MD5

    f12d5cb1e1ef0bd2cfb84e5bfe4a374a

  • SHA1

    b2fc939142188430def4d782d0294a2ecb95d522

  • SHA256

    ddc016c4106eb349e0d219f2ec70ba1428d3bc0e1b6aeb0b9f4a6242169b6605

  • SHA512

    60c3e8406d1f91e94d4f5bc9e50cae8cd256fb0a46395b010bab65c359899aa3e359a4417de062aef1656dcf235047cec547f023465dad48bdda392753335eeb

  • SSDEEP

    1536:bLFfx65YA4hsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2Hl:Vfx6yA0srQLOJgY8Zp8LHD4XWaNH71dj

Score
9/10

Targets

    • Target

      ddc016c4106eb349e0d219f2ec70ba1428d3bc0e1b6aeb0b9f4a6242169b6605.exe

    Score
    9/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
