General
-
Target
1a99acb43ad9cc114b7858ff1b08c228696279b3fc719e42981b233c5dab0874
-
Size
547KB
-
Sample
221126-antk3scd5z
-
MD5
9aa95b27ff879d63f093759239086a50
-
SHA1
889325176e8c14cf31f0d940abcb0c027af5072b
-
SHA256
1a99acb43ad9cc114b7858ff1b08c228696279b3fc719e42981b233c5dab0874
-
SHA512
4349e92b874316c8479d006452652e7e755f55116364bcc86f29719a4123f518736d7bb1df9c8a5f09ca9a5ec858974d0b4182710fc442209fc0cfa094e7db74
-
SSDEEP
12288:uQ3gf7q14BqI/jHzh1GRLYT1ZneaqiTALuNGSRWGN62PedWTEOr:5gTq1KqI/zz/GqZnE/uNGyltPeggOr
Malware Config
Targets
-
-
Target
1a99acb43ad9cc114b7858ff1b08c228696279b3fc719e42981b233c5dab0874
-
Size
547KB
-
MD5
9aa95b27ff879d63f093759239086a50
-
SHA1
889325176e8c14cf31f0d940abcb0c027af5072b
-
SHA256
1a99acb43ad9cc114b7858ff1b08c228696279b3fc719e42981b233c5dab0874
-
SHA512
4349e92b874316c8479d006452652e7e755f55116364bcc86f29719a4123f518736d7bb1df9c8a5f09ca9a5ec858974d0b4182710fc442209fc0cfa094e7db74
-
SSDEEP
12288:uQ3gf7q14BqI/jHzh1GRLYT1ZneaqiTALuNGSRWGN62PedWTEOr:5gTq1KqI/zz/GqZnE/uNGyltPeggOr
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-