General

Target: 166375a14c4253exe_JC.exe
Size: 145KB
Sample: 230714-pbbxtsde54
MD5: 166375a14c4253977087f9c592573f1c
SHA1: 348676344378749ffd9296aec66c0e5d51913e51
SHA256: 6c0f82832ffa17f3427d3967eace8041e52475003f4ba52f17ef18e17f49e6ce
SHA512: de4fb4c3614beef3f245885f89794d5d9d2c9b01ec00195056b2d8f6f79da2695052bd4778fca2eda9e58c0bd241f78a1026e004c8d5ee16aa439ff6802e268f
SSDEEP: 3072:p6glyuxE4GsUPnliByocWepvSLH1wPGx:p6gDBGpvEByocWeFSLVwPO
Behavioral task behavioral1
Sample: 166375a14c4253exe_JC.exe
Resource: win7-20230712-en

Behavioral task behavioral2
Sample: 166375a14c4253exe_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Targets

Target: 166375a14c4253exe_JC.exe
Size: 145KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 9/10
Signatures

- Renames multiple (7808) files with added filename extension
  Mass renaming with an extra extension appended to each file name is consistent with ransomware encrypting the files on the system.
- Renames multiple (8796) files with added filename extension
  Same pattern as above, with a different file count.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check used to avoid running on systems in particular regions.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread hides it from an attached debugger and is a common anti-debugging technique.
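The "Renames multiple files with added filename extension" signature above is a counting heuristic over file-rename events. The following Python is an added example of that heuristic; it is not the sandbox's own signature code. The rename-event format, the Windows paths in the constructed sample data and the threshold of 50 are assumptions chosen for illustration.

```python
"""Detection heuristic behind the 'Renames multiple (N) files with added
filename extension' signature.

Added example; not the sandbox's own signature implementation. The
rename-event format, the sample events and the threshold of 50 are
assumptions chosen for illustration."""
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename event as a file monitor might log it (constructed format)."""
    src: str
    dst: str


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the single extension appended to src to form dst, else None.

    Only a pure append counts: the file stays in the same directory and the
    whole original name, including its old extension, survives
    (report.docx -> report.docx.locked). Renames that alter the base name,
    drop the old extension or move the file are not attributed to this
    pattern, which keeps ordinary saves and moves out of the count.
    """
    # ntpath so Windows paths parse correctly even when this runs on Linux.
    if ntpath.dirname(src) != ntpath.dirname(dst):
        return None
    old_name, new_name = ntpath.basename(src), ntpath.basename(dst)
    if not new_name.startswith(old_name + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    if not ext or "." in ext:  # exactly one appended component
        return None
    return ext.lower()


def analyze_renames(events: Iterable[RenameEvent], threshold: int = 50) -> list:
    """Group rename events by appended extension and flag mass renames.

    Returns one finding per appended extension, most frequent first, with
    the file count, the number of distinct directories touched and whether
    the count reaches the (assumed) threshold.
    """
    counts: Counter = Counter()
    dirs: defaultdict = defaultdict(set)
    for ev in events:
        ext = appended_extension(ev.src, ev.dst)
        if ext is None:
            continue
        counts[ext] += 1
        dirs[ext].add(ntpath.dirname(ev.src).lower())
    return [
        {
            "extension": ext,
            "count": n,
            "directories": len(dirs[ext]),
            "flagged": n >= threshold,
        }
        for ext, n in counts.most_common()
    ]


def _constructed_events() -> list:
    """Constructed sample: 60 documents in three folders get '.locked'
    appended, plus benign renames that must not be counted."""
    events = []
    folders = [r"C:\Users\victim\Documents", r"C:\Users\victim\Pictures",
               r"D:\Shares\Finance"]
    for i in range(60):
        src = rf"{folders[i % 3]}\file{i:03d}.docx"
        events.append(RenameEvent(src, src + ".locked"))
    events += [
        # base name changed: an ordinary "save as", not an appended extension
        RenameEvent(r"C:\Users\victim\report.docx", r"C:\Users\victim\report_final.docx"),
        # one appended extension, far below the threshold
        RenameEvent(r"C:\Temp\a.tmp", r"C:\Temp\a.tmp.bak"),
        # moved to another directory: not counted
        RenameEvent(r"C:\Temp\b.txt", r"D:\Archive\b.txt.locked"),
    ]
    return events


SAMPLE_EVENTS = _constructed_events()

if __name__ == "__main__":
    for finding in analyze_renames(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, the ".locked" group reaches 60 files across three directories and is flagged, while the single ".bak" rename is reported but not flagged. The directory count is worth keeping in a real rule: a single application rewriting its own cache folder can produce many appended-extension renames, whereas encryption of user data typically spans many directories.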