General
-
Target
e9f38ad4da6c3a59a0059411658d2bacb89a1c8c3bb06dbdd511d22bf3fe57da
-
Size
993KB
-
Sample
221121-lajz9sch33
-
MD5
3ff625ea87e31700b674bc2541567e40
-
SHA1
db74e545b80c360fae3fcb415accda646ab37f13
-
SHA256
e9f38ad4da6c3a59a0059411658d2bacb89a1c8c3bb06dbdd511d22bf3fe57da
-
SHA512
36b28f80f33ee9485dcc3bd0b0f7298ee356ecd03c889ab82fe48d4a51e5f3d62fc25b787ec9af764700ac9f4fb96119d885f0c635710022c0840965ddc966f0
-
SSDEEP
24576:Y6sIoDt3vgcDwu2YtcaHuRBp4NJiuSQ4j6d:Y6sIugcFHtc57uJiuSed
Malware Config
Targets
-
-
Target
e9f38ad4da6c3a59a0059411658d2bacb89a1c8c3bb06dbdd511d22bf3fe57da
-
Size
993KB
-
MD5
3ff625ea87e31700b674bc2541567e40
-
SHA1
db74e545b80c360fae3fcb415accda646ab37f13
-
SHA256
e9f38ad4da6c3a59a0059411658d2bacb89a1c8c3bb06dbdd511d22bf3fe57da
-
SHA512
36b28f80f33ee9485dcc3bd0b0f7298ee356ecd03c889ab82fe48d4a51e5f3d62fc25b787ec9af764700ac9f4fb96119d885f0c635710022c0840965ddc966f0
-
SSDEEP
24576:Y6sIoDt3vgcDwu2YtcaHuRBp4NJiuSQ4j6d:Y6sIugcFHtc57uJiuSed
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-