General
-
Target
f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
-
Size
3.9MB
-
Sample
240101-pk9kfsagbq
-
MD5
e935daaad632a9539fcddcb2839a4413
-
SHA1
96f7794f17ce6d4f4bd34242b86035728612cd6d
-
SHA256
f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
-
SHA512
515fe24aa8203c83e58ba59621bc057da2b6f9f5529dd18fc11b5f3001503d10d06ec58d654f1446707113581c4d51d39e4144f47a7ab1a80fe609c89d8bf9c8
-
SSDEEP
49152:QqfUqBfTafqaa5Xa+Xyqr5LFZBUM2/x102UlJnI7mRkyMDiNZri3r8SZ:QqfHr+qF/C0rBN2Z/yMDiXgr
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT
https://tox.chat/
Targets
-
-
Target
f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
-
Size
3.9MB
-
MD5
e935daaad632a9539fcddcb2839a4413
-
SHA1
96f7794f17ce6d4f4bd34242b86035728612cd6d
-
SHA256
f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
-
SHA512
515fe24aa8203c83e58ba59621bc057da2b6f9f5529dd18fc11b5f3001503d10d06ec58d654f1446707113581c4d51d39e4144f47a7ab1a80fe609c89d8bf9c8
-
SSDEEP
49152:QqfUqBfTafqaa5Xa+Xyqr5LFZBUM2/x102UlJnI7mRkyMDiNZri3r8SZ:QqfHr+qF/C0rBN2Z/yMDiXgr
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (7784) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-