General
-
Target
2a1b001db330080a4e5542f2a12a36d4
-
Size
307KB
-
Sample
231231-f72zfsgde8
-
MD5
2a1b001db330080a4e5542f2a12a36d4
-
SHA1
0a07e6273f9861835b9fea5d70993b26b4e6e5c6
-
SHA256
a0e68e5de4786f682111522263ebf455bbf0f6aedc2bfa495948355832837fcc
-
SHA512
294e85260d6f2199256b8bcd8b73c535ca6685e9ff4f596c1ac223d9ac4b3d952db45cb9a965e6ba2d92bfe384520f04ccc749398a4561ec3a23566d86bbe119
-
SSDEEP
6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRp6k:5MMpXKb0hNGh1kG0HWnALbH
Malware Config
Targets
-
-
Target
2a1b001db330080a4e5542f2a12a36d4
-
Size
307KB
-
MD5
2a1b001db330080a4e5542f2a12a36d4
-
SHA1
0a07e6273f9861835b9fea5d70993b26b4e6e5c6
-
SHA256
a0e68e5de4786f682111522263ebf455bbf0f6aedc2bfa495948355832837fcc
-
SHA512
294e85260d6f2199256b8bcd8b73c535ca6685e9ff4f596c1ac223d9ac4b3d952db45cb9a965e6ba2d92bfe384520f04ccc749398a4561ec3a23566d86bbe119
-
SSDEEP
6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRp6k:5MMpXKb0hNGh1kG0HWnALbH
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-