General
-
Target
speel.exe
-
Size
110KB
-
Sample
230327-qjjs3sde97
-
MD5
04910458c6338cd58027336c5a3e0f26
-
SHA1
4948cc434de62b14c6a92fb8d15f6355199dd7f2
-
SHA256
dd101db5d9503f33a0c23d79da3642e999375748f7c1532e98c813b114bdfa1a
-
SHA512
845b63c7314013d7915b9d3a23bb433ea8f9f5df1331c010a5eecef2b8048cfd74b8eb1941a9792030e3d6958dee87b2fc1c792db61eab72749f9d41ac6cef18
-
SSDEEP
3072:WQARDoo8GKdimusNmZOGo0Y0O6E/y1G+GO8jr9+vUAyGLhsj:QuNShoGO5+ci7I
Static task
static1
Behavioral task
behavioral1
Sample
speel.exe
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
speel.exe
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-