General
Target: demo.7z
Size: 3.8MB
Sample: 231112-myqcmaff37
MD5: c187a67964317906c0ca397fee23edb0
SHA1: 5cd31001fe8304f4171d2eabff6e83db265cb967
SHA256: 596896cccc33940457c3b7067409a69279c5fadd8a442f72d01f9cfd53ac777c
SHA512: 4e0fd27d680a4857feae2aebcaa49690702eee391d90f24fdc66832a569f8a59111a03bbba48e6f0b2bb7cdfb8de19a56e8ecaee994099990ec147877ba1e7db
SSDEEP: 98304:T6TP0yqAerg5QxLzEHZorJC1bnY36cL1YSmxmJjEPqjJE+tm:T6hAJIHZxSSx0YPqj21
Behavioral task: behavioral1
Sample: demo.7z
Resource: win7-20231025-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Modifies boot configuration data using bcdedit
- Renames multiple (1908) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Renames multiple (345) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Loads dropped DLL