General
-
Target
1e12f76b8242600b220cc17e8180f56f
-
Size
1.1MB
-
Sample
231230-139tqaaahr
-
MD5
1e12f76b8242600b220cc17e8180f56f
-
SHA1
298bb10733b96d4cb3aeedf9eff63482fb61aa89
-
SHA256
3f1e50578251b3285556a1498f3c958c8470dc98387eb595243e331084d353b4
-
SHA512
2f1a17408283868aac7284c9a37403daa5fe8b022b29121b84b7bb2650d3dddccaa0b8dd04c1e63f24f4fdf5e5f7dbb81b4d041f96d258e0896769133ced7e46
-
SSDEEP
6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRx:5MMpXKb0hNGh1kG0HWnALbx
Malware Config
Targets
-
-
Target
1e12f76b8242600b220cc17e8180f56f
-
Size
1.1MB
-
MD5
1e12f76b8242600b220cc17e8180f56f
-
SHA1
298bb10733b96d4cb3aeedf9eff63482fb61aa89
-
SHA256
3f1e50578251b3285556a1498f3c958c8470dc98387eb595243e331084d353b4
-
SHA512
2f1a17408283868aac7284c9a37403daa5fe8b022b29121b84b7bb2650d3dddccaa0b8dd04c1e63f24f4fdf5e5f7dbb81b4d041f96d258e0896769133ced7e46
-
SSDEEP
6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRx:5MMpXKb0hNGh1kG0HWnALbx
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-