General
-
Target
d88d94ea392ab3exeexeexeex.exe
-
Size
271KB
-
Sample
230710-wrpxysce73
-
MD5
d88d94ea392ab31f297b8f36e2b42574
-
SHA1
1358d369303d2dcde87c1f4fdb80867c56999ac1
-
SHA256
9b7b0bf2833cd2ac65c25a30b8c3911d6c3dff2cc7a86102766b23a346486086
-
SHA512
8264e73d09b9eaafe406bb2dc6bfeb1ece7f7c0ab6011053381f1ef4a4eff8c89bdc2f7f7908bd211da884b93752118942171e81c102b1ab7fc804fe9eea5818
-
SSDEEP
6144:PCzKyj5B1ppGvd99IV1Qfv7Kn7CsfMmGy0+xklrSOZkrae2gDIRt/IlpI:PC+yF0mGy/klGXrxtkFku
Malware Config
Targets
-
-
Target
d88d94ea392ab3exeexeexeex.exe
-
Size
271KB
-
MD5
d88d94ea392ab31f297b8f36e2b42574
-
SHA1
1358d369303d2dcde87c1f4fdb80867c56999ac1
-
SHA256
9b7b0bf2833cd2ac65c25a30b8c3911d6c3dff2cc7a86102766b23a346486086
-
SHA512
8264e73d09b9eaafe406bb2dc6bfeb1ece7f7c0ab6011053381f1ef4a4eff8c89bdc2f7f7908bd211da884b93752118942171e81c102b1ab7fc804fe9eea5818
-
SSDEEP
6144:PCzKyj5B1ppGvd99IV1Qfv7Kn7CsfMmGy0+xklrSOZkrae2gDIRt/IlpI:PC+yF0mGy/klGXrxtkFku
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-