General
-
Target
bbe9dac74cda5a7a79dfaf67c1008285fb8e8e0d803b2573abf309afe7b63d5f
-
Size
442KB
-
Sample
221106-x98cpahbd8
-
MD5
0e07c6d2e249d95c0b4b9249cb43ffd0
-
SHA1
6e1b1626f08ebf78dfbf34e35a5a034bb0cf25ae
-
SHA256
bbe9dac74cda5a7a79dfaf67c1008285fb8e8e0d803b2573abf309afe7b63d5f
-
SHA512
d94937d7e04f4253080eb63eed96259de1305fd790d6bedb40885c18e5cf52b43825d4bfc73f9ff665a34721c289a5576e91a01a0e575bef6d394bd7ffd08b0b
-
SSDEEP
12288:xmjcV+OjiHpCNRbW8xEO2THk11xHF47NlsvBxwcL7mPp+P:xmkjiHpjeEO2ExH0NlsvBxwc3mw
Malware Config
Targets
-
-
Target
bbe9dac74cda5a7a79dfaf67c1008285fb8e8e0d803b2573abf309afe7b63d5f
-
Size
442KB
-
MD5
0e07c6d2e249d95c0b4b9249cb43ffd0
-
SHA1
6e1b1626f08ebf78dfbf34e35a5a034bb0cf25ae
-
SHA256
bbe9dac74cda5a7a79dfaf67c1008285fb8e8e0d803b2573abf309afe7b63d5f
-
SHA512
d94937d7e04f4253080eb63eed96259de1305fd790d6bedb40885c18e5cf52b43825d4bfc73f9ff665a34721c289a5576e91a01a0e575bef6d394bd7ffd08b0b
-
SSDEEP
12288:xmjcV+OjiHpCNRbW8xEO2THk11xHF47NlsvBxwcL7mPp+P:xmkjiHpjeEO2ExH0NlsvBxwc3mw
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-