General
-
Target
7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F.zip
-
Size
28KB
-
Sample
230621-1qwfkabf35
-
MD5
f5453e62c02e1d91e90e05d2d003b52d
-
SHA1
ae45c74c79445fd1b6b75edf9fc38f1fa82d9b43
-
SHA256
ad04ee3c63977af8fac251f022cccc13f292def20e565aec8324cc43a96861b4
-
SHA512
65685e784935d8a9f044fe3d2074d038d1d6d04a0c119e81ab183a42d1c24b7e56ca13a00ff68d03114b998fa75690f5a6fd53a4f65d1a48f1befe2f36f2d5fd
-
SSDEEP
768:SuZhg1ecuq1coNVJ0VELodriaVtKkQoHQ+j21Vu:SuZEecu+dwvdxml+y1Vu
Behavioral task
behavioral1
Sample
7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F.exe
Resource
win10-20230621-es
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\d760d36f-0049-4f9d-83b3-b1dfe839d3f1\+README-WARNING+.txt
Targets
-
Target
7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F
-
Size
42KB
-
MD5
55e27e760ffb7c153d4b25469ebc9f2b
-
SHA1
527e3bda1f96cf743eafaabc4a1eb9a3b2f23c25
-
SHA256
7d630ef735ea9607d50b8ba425db224fc686b7682a492baeebbcd66e92582c4f
-
SHA512
ef5ce8a2c07035756289cb878274478cb579b74e9906d157a516ced0f773577e65410e7313e428eb27c8b41a900e8fd7e07801f6bf1849b700710cc6903a1c1b
-
SSDEEP
768:tO1oR//VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDhLuDFu+OSYNgnGE:tlS1FKnDtkuImhKDFJOSe4
Score
10/10
-
Renames multiple (4508) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in System32 directory
-