General
-
Target
90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
-
Size
256KB
-
Sample
221128-qmkvjsbd6w
-
MD5
f7af4a7c9b22da810861a6bd07c55a87
-
SHA1
a8d832d884d94372f6dc8f9a3718eb3b4db1ee09
-
SHA256
90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
-
SHA512
feeadc83c12b5d8d678b8c1078b48de19fa6bea35224d84e7b1859c79ac8661836c25b9fa8dd5994fe2841cf08adea60864c4d94b43dc7861729174daf7b9ca6
-
SSDEEP
6144:BcEWAuYkSubM5cAhVIdnwMVtyeelQikCwxjqdsCWTz4M:2hSSS5YlVtyeklPujqdmT9
Static task
static1
Behavioral task
behavioral1
Sample
90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
90e7babb24c19f8f9f5d9a708fc1cbd5dcd16609c1c18c85071ee15ff4ca6041
-
Score
10/10
-
Detected phishing page
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-