General
-
Target
0c77098a56ce5752bc7efb26b374cc73
-
Size
917KB
-
Sample
231230-dlbt2ahagn
-
MD5
0c77098a56ce5752bc7efb26b374cc73
-
SHA1
43b8fc6d1ed1cf1061090c1fde340adb343ed73e
-
SHA256
125a3698b36b7ffc02f95b72fe817f05a821d6d6f14789c65435fedb2b4636c2
-
SHA512
3a0c2ee970246169e17c360400380c3aa20c4ec01839904ed9d680f6c9cec21a1b71ed6fdd985bd5552a9c6e99ef65ff74378dc69e5fe0e264ec0e9ea4b0cfbb
-
SSDEEP
6144:ZiMmXRH6pXfSb0ceR/VFAHh1kgcs0HWHkyApOhP/SgljwRwdX/1H9fYavJiPZBgL:zMMpXKb0hNGh1kG0HWNAuCsltHlYzXi
Malware Config
Targets
-
-
Target
0c77098a56ce5752bc7efb26b374cc73
-
Size
917KB
-
MD5
0c77098a56ce5752bc7efb26b374cc73
-
SHA1
43b8fc6d1ed1cf1061090c1fde340adb343ed73e
-
SHA256
125a3698b36b7ffc02f95b72fe817f05a821d6d6f14789c65435fedb2b4636c2
-
SHA512
3a0c2ee970246169e17c360400380c3aa20c4ec01839904ed9d680f6c9cec21a1b71ed6fdd985bd5552a9c6e99ef65ff74378dc69e5fe0e264ec0e9ea4b0cfbb
-
SSDEEP
6144:ZiMmXRH6pXfSb0ceR/VFAHh1kgcs0HWHkyApOhP/SgljwRwdX/1H9fYavJiPZBgL:zMMpXKb0hNGh1kG0HWNAuCsltHlYzXi
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-