General
-
Target
d114473c66431d2776572bb1245e83d6602f71e980ff1084d6827300c47f4a9e
-
Size
388KB
-
Sample
221128-gfbhvsed2s
-
MD5
56d9e668c269c3af0ef56c1449f4d07c
-
SHA1
3c9d803e3f03f4390d05cc6d260986006684c725
-
SHA256
d114473c66431d2776572bb1245e83d6602f71e980ff1084d6827300c47f4a9e
-
SHA512
132d3f2731879f94b601ff9bd65846bf54b0e0bf72830f6decbbb5a39962e15ba5efc728456183d0fc87562e1a0ff8b0153f48c0db785f18ea0092ead0dfb9cd
-
SSDEEP
6144:d7pyQuvDj9rOcNeaqbAnIBYz+cGsMXKmwCEHL9Oh9nCMaCQn:dNyQA3nIgp/MXKmwCjFCSq
Malware Config
Targets
-
-
Target
d114473c66431d2776572bb1245e83d6602f71e980ff1084d6827300c47f4a9e
-
Size
388KB
-
MD5
56d9e668c269c3af0ef56c1449f4d07c
-
SHA1
3c9d803e3f03f4390d05cc6d260986006684c725
-
SHA256
d114473c66431d2776572bb1245e83d6602f71e980ff1084d6827300c47f4a9e
-
SHA512
132d3f2731879f94b601ff9bd65846bf54b0e0bf72830f6decbbb5a39962e15ba5efc728456183d0fc87562e1a0ff8b0153f48c0db785f18ea0092ead0dfb9cd
-
SSDEEP
6144:d7pyQuvDj9rOcNeaqbAnIBYz+cGsMXKmwCEHL9Oh9nCMaCQn:dNyQA3nIgp/MXKmwCjFCSq
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-