General
-
Target
Yvbhq.exe
-
Size
65KB
-
Sample
221129-j758naeg71
-
MD5
9829cba45d96db58f0898ad58743a474
-
SHA1
a3f4827d0523dac0c56e91b4538bdcf14c36570f
-
SHA256
19d2e3e1f912a1fe23399b0a1c150e28e03ef0cff5dfb7d2d532f705769862b5
-
SHA512
bd4d6431ca4315ad21a1094594ca0cb68a5cca689b64b73876045e468d1ba1c03d6845b444d2936ea50e71438b44ef65fdd74ca22d2339472f2f6e53be90cd8a
-
SSDEEP
1536:pmV+3Z/ZBJEomaAsurFk5ZjXx+plbfP9HPe0/v7WYPwoMkeT1eK6G:I+JtEomapYFk5ZsFP9HmelqT1N6G
Malware Config
Targets
-
-
Target
Yvbhq.exe
-
Size
65KB
-
MD5
9829cba45d96db58f0898ad58743a474
-
SHA1
a3f4827d0523dac0c56e91b4538bdcf14c36570f
-
SHA256
19d2e3e1f912a1fe23399b0a1c150e28e03ef0cff5dfb7d2d532f705769862b5
-
SHA512
bd4d6431ca4315ad21a1094594ca0cb68a5cca689b64b73876045e468d1ba1c03d6845b444d2936ea50e71438b44ef65fdd74ca22d2339472f2f6e53be90cd8a
-
SSDEEP
1536:pmV+3Z/ZBJEomaAsurFk5ZjXx+plbfP9HPe0/v7WYPwoMkeT1eK6G:I+JtEomapYFk5ZsFP9HmelqT1N6G
Score8/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Stops running service(s)
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-