General
-
Target
b88fe97196d3ea799b1e708ab452e9a61f9380a8b27a82f03575f5f046b036d0
-
Size
1.1MB
-
Sample
221116-gb719shd22
-
MD5
ffc6b559c24b8d82afcb5c01bb5619d9
-
SHA1
8e068e9c486769716d9685f85687b531ab3a88cf
-
SHA256
b88fe97196d3ea799b1e708ab452e9a61f9380a8b27a82f03575f5f046b036d0
-
SHA512
48cf29ecbf184f9d96b9db95190657604c7fb9570046abbeba70d99c6748afbea5f698bb4bb91b1b9b3b3ab7abc56c36a3230aa20c58a99269fe0a4884522191
-
SSDEEP
24576:NyBzKGHF0bxTCFvXwKk/aISpu4Qc6F3v1HT2BzN2tgGS3YzYho1yWEsWbj28Q5m:AV4xTCzu4Qc6/F8S8bzQ
Malware Config
Targets
-
-
Target
b88fe97196d3ea799b1e708ab452e9a61f9380a8b27a82f03575f5f046b036d0
-
Size
1.1MB
-
MD5
ffc6b559c24b8d82afcb5c01bb5619d9
-
SHA1
8e068e9c486769716d9685f85687b531ab3a88cf
-
SHA256
b88fe97196d3ea799b1e708ab452e9a61f9380a8b27a82f03575f5f046b036d0
-
SHA512
48cf29ecbf184f9d96b9db95190657604c7fb9570046abbeba70d99c6748afbea5f698bb4bb91b1b9b3b3ab7abc56c36a3230aa20c58a99269fe0a4884522191
-
SSDEEP
24576:NyBzKGHF0bxTCFvXwKk/aISpu4Qc6F3v1HT2BzN2tgGS3YzYho1yWEsWbj28Q5m:AV4xTCzu4Qc6/F8S8bzQ
Score10/10-
Deletes NTFS Change Journal
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-