General
-
Target
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.zip
-
Size
68KB
-
Sample
221121-n95gcshe76
-
MD5
7e83ada2154b61b429608adcedf67cfa
-
SHA1
a18d7cd6b0d407074b78ccf61f967a7e186fc04f
-
SHA256
6270fc40abc62bce9c80fa7954547c04229d2cfd885ef1b319f14ab3aca0b6cb
-
SHA512
662cf81eb0976d8c9a8e1fe66e88d28c8af5ded3f785be0f87a411b2239c9e05d842e8b6a750bac13276978a72ec95e2c73942efc049f592ccdadba996e1e87a
-
SSDEEP
1536:c6MyanRA82id26lZpoiCh5rCNLO8HTQgTwJMmWQIdWGPZ3rSk:cFxGriBgLh1CNaqPbmW7Ek
Static task
static1
Behavioral task
behavioral1
Sample
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
-
Size
156KB
-
MD5
fcd21c6fca3b9378961aa1865bee7ecb
-
SHA1
0abaa05da2a05977e0baf68838cff1712f1789e0
-
SHA256
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458
-
SHA512
e39c1f965f6faeaa33dfec6eba23fbfff14b287f4777797ea79480bb037d6d806516bda7046315e051961fce12e935ac546819c1e0bef5c33568d68955a9792a
-
SSDEEP
1536:7ZLTzASUIG0TOOYTufIaSWvRYkekdvizSBXxNe9VPw6s6aUCT7Q7qn:OBI9HYyfNBdviGBBQsrhPk4
Score 10/10
Deletes NTFS Change Journal
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
-
RansomEXX Ransomware
Targeted ransomware with variants which affect Windows and Linux systems.
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Disables use of System Restore points
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Overwrites deleted data with Cipher tool
Cipher is a Windows tool which can be used to securely wipe deallocated HDD space, preventing recovery of deleted data.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-