General
-
Target
59ad07e78d62baexeexeexeex.exe
-
Size
761KB
-
Sample
230707-za6qxsce31
-
MD5
59ad07e78d62ba29d5312e9288d21208
-
SHA1
06b24d3bc893090ebd190ada1578e5ea6667227f
-
SHA256
f14004ba0b99677caef0f6edb047aa0c89fb11c1882bfc4af07d6f36c7ece4de
-
SHA512
56c72fad9cc70b77847ac4edf71b5a866221d5b8a4ef0bfac8cb2fe614009f6e8218c00f11c39f9fd6af4aa64e9361f8c2de5e7d909ab2acee1ac3d23fa0758f
-
SSDEEP
12288:HH/RZMdmOSeU39r9+kjj0isLfu0HzojOU7xG2uKQ0sN0z:nf/ftgZisLfXTojOSxbuKQ0sqz
Malware Config
Targets
-
-
Target
59ad07e78d62baexeexeexeex.exe
-
Size
761KB
-
MD5
59ad07e78d62ba29d5312e9288d21208
-
SHA1
06b24d3bc893090ebd190ada1578e5ea6667227f
-
SHA256
f14004ba0b99677caef0f6edb047aa0c89fb11c1882bfc4af07d6f36c7ece4de
-
SHA512
56c72fad9cc70b77847ac4edf71b5a866221d5b8a4ef0bfac8cb2fe614009f6e8218c00f11c39f9fd6af4aa64e9361f8c2de5e7d909ab2acee1ac3d23fa0758f
-
SSDEEP
12288:HH/RZMdmOSeU39r9+kjj0isLfu0HzojOU7xG2uKQ0sN0z:nf/ftgZisLfXTojOSxbuKQ0sqz
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-