General
-
Target
cbdfaf7c90928949e71d8666a296fa211bb42f47cf33b41b1f8c6e439323f2ad
-
Size
710KB
-
Sample
221110-hs8jssffe8
-
MD5
674a54ed8c9614aea4808f6a09cc2236
-
SHA1
10e78765c5b245a6d19e77f54cb40bcdbb91ddcd
-
SHA256
cbdfaf7c90928949e71d8666a296fa211bb42f47cf33b41b1f8c6e439323f2ad
-
SHA512
fb513afef9f44834e6461645a7f3121a343f07074f91b1e999faabeca332898f45426a67e70944ad979f80aa149eff5006547cc7b2ccb06af1a08b08df537ae1
-
SSDEEP
12288:XA0FfTcwpBuV2UxqDmuiLZeUaoFi2XZWfGe615HhAZV8DXKD/KeXQF:wuf4wTuV2Ux3uIZeUBi2Te6HWCKrKea
Malware Config
Targets
-
-
Target
cbdfaf7c90928949e71d8666a296fa211bb42f47cf33b41b1f8c6e439323f2ad
-
Size
710KB
-
MD5
674a54ed8c9614aea4808f6a09cc2236
-
SHA1
10e78765c5b245a6d19e77f54cb40bcdbb91ddcd
-
SHA256
cbdfaf7c90928949e71d8666a296fa211bb42f47cf33b41b1f8c6e439323f2ad
-
SHA512
fb513afef9f44834e6461645a7f3121a343f07074f91b1e999faabeca332898f45426a67e70944ad979f80aa149eff5006547cc7b2ccb06af1a08b08df537ae1
-
SSDEEP
12288:XA0FfTcwpBuV2UxqDmuiLZeUaoFi2XZWfGe615HhAZV8DXKD/KeXQF:wuf4wTuV2Ux3uIZeUBi2Te6HWCKrKea
Score10/10-
Detect Neshta payload
-
MedusaLocker
Ransomware with several variants first seen in September 2019.
-
MedusaLocker payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-