Extracted

• • Target

    2023-07-15_3882feced4dec87fbf8780c44d15ea5e_zeppelin

  • Size

    225KB

  • MD5

    3882feced4dec87fbf8780c44d15ea5e

  • SHA1

    b6b92728e0a0fb2d95bec468709c11c4c2faf9f4

  • SHA256

    b8355b2216b7bb60a7d421a57de257fd251f0f7a20c861bf91693233117e5f2d

  • SHA512

    9d0703bbe3aadc8bd88a4153c7b7f45dd5c599e45fa78b1c50576701497b86021bb87cb3a197883ca9e5973f08f3fa3ece75302d655eecb07355efee8b15f44d

  • SSDEEP

    6144:YSK1AqRHi/EXtw+apQ3an64DQFu/U3buRKlemZ9DnGAeOhoHwN+c:YosHiGWRpQb4DQFu/U3buRKlemZ9DnGm

  Score

  10^/10

  zeppelinevasionransomware

  • Detects Zeppelin payload

  • Zeppelin Ransomware

    Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.

    ransomwarezeppelin

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (2985) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Renames multiple (7443) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Stops running service(s)

    evasion

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2