General
-
Target
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
-
Size
720KB
-
Sample
230329-x5hapsbc7s
-
MD5
163e651162f292028ca9a8d7f1ed7340
-
SHA1
a85ff9091f298ea2d6823a7b0053daa08b237423
-
SHA256
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b
-
SHA512
f1cd02b07219d40d489b8000a92e20fca0c3e536a7dde25b98b7be0ce54a46349dcea9e66bef8f7fbd895ce7e5b22e3f3a46fbb9c7dcea4185b3937384f1649f
-
SSDEEP
12288:A+2ZzbQ32UC1pC0q1oJn2OR9YA/SnHaetVkiIGjltRztp:A+4OECVCn2OR9r/kaetNIOtZ
Static task
static1
Behavioral task
behavioral1
Sample
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
-
Score
9/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-