General
Target: 64CO.bin
Size: 1.2MB
Sample: 231129-bf6fcadf37
MD5: a80b79de02d6881d5e54afcefa38298a
SHA1: e0d3e2612a757ff5be818b114028a0e4bb562bc5
SHA256: 033b4950a8f249b20eb86ec6f8f2ea0a1567bb164289d1aa7fb0ba51f9bbe46c
SHA512: 1fbe52a0086a33a98e48f501c669f3a9e82b5795550702eb61ccc281c77ba29fe217a5897b6caf55582ca1c16d062a2d3219a596d4372c70782bc49499e0ed4f
SSDEEP: 24576:FCLKd8jHzb9904e43wa2SZ6Es9S+Nm0m:4K099ReumEwS+

Behavioral task: behavioral1
Sample: 64CO.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: 64CO.exe
Resource: win10v2004-20231127-en

Malware Config
(nothing listed)

Targets
Target: 64CO.bin
Size: 1.2MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General
Score: 9/10
Signatures
- Modifies boot configuration data using bcdedit
- Renames multiple (629) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Renames multiple (916) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
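The signature list above describes what the sandbox observed but not how each verdict is derived. The following is an added example, not tooling from the sandbox that produced this report, that re-derives every listed signature from a constructed event log. The event schema (dicts with a type and a few fields), the registry value used for the location check (Control Panel\International\Geo\Nation) and the rename threshold of 50 are assumptions chosen for illustration; the file names and paths in EVENTS are constructed, not taken from the sample.

```python
import re
from collections import Counter

# Constructed events (assumption: illustrative schema, not the sandbox's own).
def _sample_renames(n, ext=".locked"):
    """Build n rename events that append a new extension to the original name."""
    return [{"type": "file_rename",
             "src": rf"C:\Users\u\Documents\doc{i}.docx",
             "dst": rf"C:\Users\u\Documents\doc{i}.docx{ext}"} for i in range(n)]

EVENTS = [
    {"type": "process", "cmd": r"C:\Windows\System32\bcdedit.exe /set {default} recoveryenabled No"},
    {"type": "process", "cmd": r"C:\Windows\System32\bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"},
    {"type": "file_rename", "src": r"C:\Users\u\notes.txt", "dst": r"C:\Users\u\notes_old.txt"},  # ordinary rename
    {"type": "registry_write", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "svc", "data": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo", "name": "Nation"},
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "file_write", "path": r"C:\Windows\System32\readme.txt"},
    {"type": "file_write", "path": r"C:\Users\u\Desktop\desktop.ini"},
    {"type": "file_read", "path": "C:\\"},
    {"type": "file_read", "path": "D:\\"},
    {"type": "file_read", "path": "E:\\"},
    {"type": "file_delete", "path": r"C:\Users\u\Downloads\64CO.exe", "by_self": True},
] + _sample_renames(60)

def renames_with_added_extension(events):
    """Count renames where the destination is the source plus a new '.ext';
    returns (count, most common appended extension)."""
    exts = Counter()
    for e in events:
        if e["type"] != "file_rename":
            continue
        src, dst = e["src"].lower(), e["dst"].lower()
        if dst.startswith(src) and len(dst) > len(src) and dst[len(src)] == ".":
            exts[dst[len(src):]] += 1
    total = sum(exts.values())
    return total, (exts.most_common(1)[0][0] if exts else None)

def modifies_bcd(events):
    """bcdedit invoked with /set or /delete (recovery/boot-status tampering)."""
    pat = re.compile(r"(^|\\)bcdedit(\.exe)?\b.*\s/(set|delete)\b", re.IGNORECASE)
    return any(e["type"] == "process" and pat.search(e["cmd"]) for e in events)

def adds_run_key(events):
    run_keys = (r"\currentversion\run", r"\currentversion\runonce")
    return any(e["type"] == "registry_write"
               and e["key"].lower().rstrip("\\").endswith(run_keys) for e in events)

def checks_location(events):
    # Assumption: Geo\Nation is one common place a country code is read from.
    return any(e["type"] == "registry_read"
               and e["key"].lower().endswith(r"control panel\international\geo")
               and e.get("name", "").lower() == "nation" for e in events)

def drops_file_in(events, directory):
    d = directory.lower().rstrip("\\") + "\\"
    return any(e["type"] == "file_write" and e["path"].lower().startswith(d) for e in events)

def drops_desktop_ini(events):
    return any(e["type"] == "file_write" and e["path"].lower().endswith("\\desktop.ini")
               for e in events)

def enumerates_drives(events):
    """Root paths read other than C:\\, sorted."""
    roots = {e["path"].upper() for e in events
             if e["type"] == "file_read" and re.fullmatch(r"[A-Za-z]:\\", e["path"])}
    return sorted(roots - {"C:\\"})

def deletes_itself(events):
    return any(e["type"] == "file_delete" and e.get("by_self") for e in events)

def triage(events, rename_threshold=50):
    """Evaluate the report's signatures; the threshold is an assumed value."""
    count, ext = renames_with_added_extension(events)
    other = enumerates_drives(events)
    hits = {
        "Modifies boot configuration data using bcdedit": modifies_bcd(events),
        "Renames multiple files with added filename extension": count >= rename_threshold,
        "Drops file in Drivers directory": drops_file_in(events, r"C:\Windows\System32\drivers"),
        "Checks computer location settings": checks_location(events),
        "Deletes itself": deletes_itself(events),
        "Adds Run key to start application": adds_run_key(events),
        "Drops desktop.ini file(s)": drops_desktop_ini(events),
        "Enumerates connected drives": bool(other),
        "Drops file in System32 directory": drops_file_in(events, r"C:\Windows\System32"),
    }
    return hits, {"rename_count": count, "added_extension": ext, "other_drives": other}

if __name__ == "__main__":
    hits, details = triage(EVENTS)
    for name, hit in hits.items():
        print(f"[{'x' if hit else ' '}] {name}")
    print(details)
```

The rename check is the one that carries the ransomware verdict, so it deliberately ignores ordinary renames (notes.txt to notes_old.txt) and only counts destinations that are the source name with a further extension appended; the appended extension it reports is what you would pivot on when hunting the same family across other hosts.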