General
-
Target
4345a7bbe08110277171dd9c6a6d7736e220d5d7ef11d9d082b18b857a7941ab
-
Size
137KB
-
Sample
221128-g3r45aga6w
-
MD5
35dbf14ccd580c19ade8b4378b7ef228
-
SHA1
02922d258a6379fb369c99b4a7bba9ebc8786ac4
-
SHA256
4345a7bbe08110277171dd9c6a6d7736e220d5d7ef11d9d082b18b857a7941ab
-
SHA512
47ae2c57fa7bcbff0e98ae41bb9a8151ac8a24e70120d549021a903fc9e99cf9688233116e8458ae1ff61861ed6150a7e4652be974b2c3cbeebf6c7019e8cab3
-
SSDEEP
3072:cNhD3Ybr7iSRjtfZ7sahit8k5ZzA8BrtRC/+zouEVetkYWVwBJZkVWqHqd:2sbvd4ahitplAyfCYNM5uBJZHqH
Malware Config
Targets
-
-
Target
4345a7bbe08110277171dd9c6a6d7736e220d5d7ef11d9d082b18b857a7941ab
-
Size
137KB
-
MD5
35dbf14ccd580c19ade8b4378b7ef228
-
SHA1
02922d258a6379fb369c99b4a7bba9ebc8786ac4
-
SHA256
4345a7bbe08110277171dd9c6a6d7736e220d5d7ef11d9d082b18b857a7941ab
-
SHA512
47ae2c57fa7bcbff0e98ae41bb9a8151ac8a24e70120d549021a903fc9e99cf9688233116e8458ae1ff61861ed6150a7e4652be974b2c3cbeebf6c7019e8cab3
-
SSDEEP
3072:cNhD3Ybr7iSRjtfZ7sahit8k5ZzA8BrtRC/+zouEVetkYWVwBJZkVWqHqd:2sbvd4ahitplAyfCYNM5uBJZHqH
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-