General
-
Target
362146d6a41044exeexeexeex.exe
-
Size
333KB
-
Sample
230706-svwm5ace78
-
MD5
362146d6a410440a779030ad65deabb9
-
SHA1
454ac225175d472c01dbdec4212e99648f48c413
-
SHA256
6edb40dcddaf4e96e92095e5356c3f10117b5ba3a32a6d97920d5841e8aa501d
-
SHA512
e53bb5fe9ae21a494abf042f9c981d3416bef85dbf8140ea11f1b300b26af298a13a02f03a6d93d025eaeba127292f5849592a012916b642d775733ba1c6e1f6
-
SSDEEP
6144:xx7jHdXEVAY7/a4WflasSQsyH1AR6nxqwa1hMGd5FXch656l3cs:PtXrY7/abasS9dSxq31Ld5uoc3cs
Malware Config
Targets
-
-
Target
362146d6a41044exeexeexeex.exe
-
Size
333KB
-
MD5
362146d6a410440a779030ad65deabb9
-
SHA1
454ac225175d472c01dbdec4212e99648f48c413
-
SHA256
6edb40dcddaf4e96e92095e5356c3f10117b5ba3a32a6d97920d5841e8aa501d
-
SHA512
e53bb5fe9ae21a494abf042f9c981d3416bef85dbf8140ea11f1b300b26af298a13a02f03a6d93d025eaeba127292f5849592a012916b642d775733ba1c6e1f6
-
SSDEEP
6144:xx7jHdXEVAY7/a4WflasSQsyH1AR6nxqwa1hMGd5FXch656l3cs:PtXrY7/abasS9dSxq31Ld5uoc3cs
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-