Extracted

• • Target

    068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd

  • Size

    147KB

  • MD5

    75256873a03f4a4bc073185f48c1097c

  • SHA1

    e9023061def67ba21c09826fadc1607fd7f71d88

  • SHA256

    068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd

  • SHA512

    4b718093ad42d7b7b72498dfcbcfd1b39c980ef44e999b7035e6bfe6b782aad6b7553832f1efee45003d9b0c56bf2e408ca55082c550ac4faa19f199f366dede

  • SSDEEP

    3072:s6glyuxE4GsUPnliByocWepvdHFdjFpZ/fgyVF0dj:s6gDBGpvEByocWetdHZ/fgKF0

  Score

  10^/10

  ransomwarespywarestealer

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2