General

Target: 23d22e13b1377ac5e7ebef8e84093c1e
Size: 3.0MB
Sample: 231225-rba2mseefn
MD5: 23d22e13b1377ac5e7ebef8e84093c1e
SHA1: 58826b41b017476a87ef9bed3c9c46a4a323ab8d
SHA256: ee0e6a5835ceceef5c5d28a8f86ea203d67a207267cc45c0d252baba6ddad48f
SHA512: 4e0c8bf3df61e854e0941a5a33cd4152be91485ec269993357b5bed7accf95f742f6820c06671f42e0bc2b6cb20abcbdbb22387afe33e09bfda10b934618ad62
SSDEEP: 24576:5MMpXS0hN0V0H7MMpXS0hN0V0H/IHyeE7iixWHm1JqX:qwi0L0qIwi0L0qW+2NHm1q
Behavioral task: behavioral1
Sample: 23d22e13b1377ac5e7ebef8e84093c1e.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 23d22e13b1377ac5e7ebef8e84093c1e.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 23d22e13b1377ac5e7ebef8e84093c1e (3.0MB; hashes as listed under General)
Score: 10/10

- Modifies WinLogon for persistence
- Renames multiple (91) files with an added filename extension
  This suggests ransomware activity: encrypting the files on the system.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory