General
-
Target
AMD-drivers-2.0.7.exe.zip
-
Size
13.6MB
-
Sample
221129-tp8k6seb42
-
MD5
e46c76300df9430421c7e13d95e29ee1
-
SHA1
27d15bc5235356a821ee0dbcf2e51d7905a57f55
-
SHA256
db69b82d53374540f247c88e50d443835c021819fdbac7745b4f13a3e14e785e
-
SHA512
221839590a25530993d68caf452f991833cb8a788ad012591eeaa3f92eeba0c20325413ff908af07ce50ed24e1b12bb0d2a46b98033440b9ac11489ecf3a1cce
-
SSDEEP
393216:ijWfM4xSniYQaWhiMDiZU65F99UcO+gbyKY7H7j:aWNxieT1iCIucO+gbEL7j
Malware Config
Targets
-
-
Target
AMD-drivers-2.0.7.exe
-
Size
265.0MB
-
MD5
4d3bb85589bad628d92b79b17cf5e87e
-
SHA1
152d6b37b605255a3f7b71e416af6eed1682818a
-
SHA256
ca15402e6141c7ae941aeed7ff80933c814bce7ca007fb237b7b61c93f3bb338
-
SHA512
67b4fc2dcb3aeb1b355d9c34b3e46948c868a27db07cce534dd5fb4b2c376206b10bd21be016755b1e20efd51f9b903b3b11cdcc963df23e5d4692a2f8e6f94c
-
SSDEEP
393216:GKVaRkwboTiwguCPAGlEt883Zr1KCAKmvumolJ5j:dabbO2/DEesmCAKmv4j5j
Score10/10-
Modifies Windows Defender notification settings
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
UAC bypass
-
Windows security bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables use of System Restore points
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-