Extracted

• • Target

    88880508fdcc246011c53f8a652d295e9cb95202bb92c7a02e463c405862e86a

  • Size

    1.7MB

  • MD5

    5f1977ff2e710323036df5bf5fd7df2b

  • SHA1

    cf856ca9dfee5a3935d5e7ad192044438ab6c500

  • SHA256

    88880508fdcc246011c53f8a652d295e9cb95202bb92c7a02e463c405862e86a

  • SHA512

    8cc6808e0285a73ca90f4247982e1ee635f492a54929bad49c55ebe45f3ba45eba80777043085b811e91ceb72fab744af6e9bc93185b7450a44323886efa743a

  • SSDEEP

    49152:2svcOp7uaMh54agPw0Ic02gRotHcBWJz9FNFU:2s0KCHDdg40I9LsFQ

  Score

  10^/10

  evasionransomwarespywarestealer

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (837) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes system backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2