General
-
Target
04edfb7f28e85eb9bdefd63e81c37753.exe
-
Size
294KB
-
Sample
230302-3kz8nsfd38
-
MD5
04edfb7f28e85eb9bdefd63e81c37753
-
SHA1
9ea3665e662fd22ccb6d8d977ad5abd6bc806631
-
SHA256
d7e985fabb6a936c59f36c0b717aaae6c32df05688c0673fcbc677bb88b10ff5
-
SHA512
9b30b9b5a8e0075b5954db5c5fc52498ae47e89b8003058788e22cdf12974a8f471b3a9816ee6a73a07680238dd7cb9d5463241ddf64aa8dfef1ccb658404a92
-
SSDEEP
6144:39/dAPMFn4d1fX1GnZx7cAOIBiFNTqkal06jaU2TTUhaRW:t/dAEFnMXmcA2NTqka06j8/FW
Static task
static1
Behavioral task
behavioral1
Sample
04edfb7f28e85eb9bdefd63e81c37753.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
04edfb7f28e85eb9bdefd63e81c37753.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
04edfb7f28e85eb9bdefd63e81c37753.exe
-
Score
9/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-