Extracted

Extracted

• • Target

    07ba533a694e1733f8ef1c18ac191867382f4ca7a51244cda6ef5ec119fbfe53

  • Size

    586KB

  • MD5

    03b47131c6a809c9222de2f97e03b49e

  • SHA1

    7831520ec9797f8d776a191b2ac30bea4b9c28c0

  • SHA256

    07ba533a694e1733f8ef1c18ac191867382f4ca7a51244cda6ef5ec119fbfe53

  • SHA512

    54cc49085e2e9cadeebe4462e6906782fae221325baf2039886fe562bb2c485382453f85e1617577fd0117ab08ff718a23913db0bccdfdcfdbce854cd9a52176

  • SSDEEP

    6144:gMO1jIO0u8krJilHXIdAXEZvGLw+nmYciNXyEuxIKvqoPFZLRbUqF5jQaBlQAhb/:ROhIOR/0lHXQAlL7aIKTvl

  Score

  1^/10
  behavioral1behavioral2

• • Target

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d

  • Size

    179KB

  • MD5

    8e0e472d93c3ebeb725099bc1bbe0a9a

  • SHA1

    7229e11205e794c75a65587bcef040ed345b3322

  • SHA256

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d

  • SHA512

    74a63a29a6ea5cfd2f7983b9828dd7a78b3d16072f5e044e795404eb67a2178ac091e15c9a29bafa7b9e7426c6aa709697cb9705ff25f7e40c9597ad1758eda3

  • SSDEEP

    3072:2Rb6HWdU1NByFMuIBRC0eXLfQzueFsB0yxfWolUJFMXNsz5SkE+pbt8ICjGs:IbeBRmXLP0yJAJFMXNXyC

  Score

  8^/10

  evasionransomwarespywarestealer

  • Disables Task Manager via registry modification

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral3behavioral4

• • Target

    111fb06de858ef843c882e40f34caf958054b0eeaeea877c49a23b1111916e8b

  • Size

    662KB

  • MD5

    b6c70f89f19670923f3f490ed5331395

  • SHA1

    24c9df54d779be27508203666dc48a3fdabb0b87

  • SHA256

    111fb06de858ef843c882e40f34caf958054b0eeaeea877c49a23b1111916e8b

  • SHA512

    8a49a73c4086be3ae657452816070d7bf79dc653a9a7c783262348788ee80584c4456e3056f1427f4f1b8433de54437b996bfbede100430b2f7168c130511b0b

  • SSDEEP

    12288:IG86nitqrIT6Eqk56i258EJsUQUUJ9LBHd2Uo:57itqr3e6d18J9LBHd2n

  Score

  9^/10

  ransomwarespywarestealer

  • Renames multiple (2700) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral5behavioral6

• • Target

    2de3cea3eb6eedbec7436f426a5259d4f65374b326823feee17175407f08e7a8

  • Size

    464KB

  • MD5

    79db8a12fc1a24a70c37c4cad0c29c6b

  • SHA1

    ec6e79d2494862dd6cecbbd817926e282a6e2f4e

  • SHA256

    2de3cea3eb6eedbec7436f426a5259d4f65374b326823feee17175407f08e7a8

  • SHA512

    cbaf76ba0f245a103d3cfbd3cf3c78e353bee26931afdbde40c27355379ea9590e16aa430d9af82700fa8773cd4bb342cdfa73add60eab8ea549be7010d6f57f

  • SSDEEP

    3072:KovCvStG1V1wisbM/OmsolxIrRuw+mqv9j1MWLQL:KqgRwLg/ODAx

  Score

  1^/10
  behavioral7behavioral8

• • Target

    327a2a49164bc38c88a2d030ece9a7487b82e8a34d3f398e071654e5fcc4d7ca

  • Size

    531KB

  • MD5

    afce432f39419ac75edf95ca955d5937

  • SHA1

    948b431bdd23bd5e65f0978e56ef09061943fb07

  • SHA256

    327a2a49164bc38c88a2d030ece9a7487b82e8a34d3f398e071654e5fcc4d7ca

  • SHA512

    9dc222c083a17ead29648fdf47102c4cfb296305790453adb5acaa13519e91651b07ce74a95336ba422fecbe64f9ee3606fb8a7afc33306f0e001da936ec8fee

  • SSDEEP

    1536:ymb6YYUjUDYEmb6YYUjUDY1q2JKeDDLXf9Xt1be41hmb6YYUjUDYjij:9+yID4+yIDkxJHDDLXVXt1beEA+yIDd

  Score

  8^/10

  evasion

  • Disables Task Manager via registry modification

    evasion
  behavioral10behavioral9

• • Target

    36c10a3e1f93c4d50fb617ab7cd629bebea7ca5f827239ba98156ff88d27f7d9

  • Size

    179KB

  • MD5

    b0ca603398de86e031a781c9d7606ec5

  • SHA1

    6be006b5098f6286032ab54bf5b2549fcb859060

  • SHA256

    36c10a3e1f93c4d50fb617ab7cd629bebea7ca5f827239ba98156ff88d27f7d9

  • SHA512

    629b6c8a5bb204fdef6d14b77105cef59af3c481364577f68b240b15c18141f7d8cf239f8dd8b26a4c01b861aeca1d3a44c26c41e671581a1592012bcca33853

  • SSDEEP

    1536:6BBzTaVpK3p2oEvvHVUFWHy4h0ZX9efw1+b91RM:6BQVpKvEvPVU5ukX9l1+BzM

  Score

  1^/10
  behavioral11behavioral12

• • Target

    67bf260c3ea1e11df9c162b370cb5182d6d9d66392d90f11729c90e911404c10

  • Size

    276KB

  • MD5

    80d0e4499a2ce6ac1d3bd1d43300c506

  • SHA1

    a1ca861aacf0ef8369d7d5a169134c29f895e5ef

  • SHA256

    67bf260c3ea1e11df9c162b370cb5182d6d9d66392d90f11729c90e911404c10

  • SHA512

    e67bab4f57deb5f3cb6a227298a19c9f6d96ef0e6825be0ef9f1f3537ca7cc32e9ba4482a5f6e2240b0d6a15ee39061671d6d4928afcfb7feab09009d5e44d30

  • SSDEEP

    3072:L6ZBn8Tiju3y8TBz5c3Px/rbtYkHOG0rpPVuwq7fxZ1v:gaijqNcpqful

  Score

  8^/10

  evasionpersistencespywarestealer

  • Disables Task Manager via registry modification

    evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral13behavioral14

• • Target

    70ec1874cf1304960c0b1b828216a22704caaff23ea514c1067efe9ce4b69aac

  • Size

    188KB

  • MD5

    c924d51f5943766d54ca1c2fe0dfd3c0

  • SHA1

    4221c92cc0a689f47065dc28795969219727b82e

  • SHA256

    70ec1874cf1304960c0b1b828216a22704caaff23ea514c1067efe9ce4b69aac

  • SHA512

    1f2bb905ee4792553cd1a6d65eb22f48a157947ac9dd62d10fdc5e15f358f825d081a2f9153eae8afe576f94c4969f1e63bce2edf74a6f9cdd703e0d30ad4bc8

  • SSDEEP

    3072:F7tWE2AM+gTuJEJjy1GS52CFgPhIikuJEfUsIVp/is4cWs:htc+jJOjEGkf4fJ/d

  Score

  1^/10
  behavioral15behavioral16

• • Target

    817f5b0fcccda6756c485e463b3f0ea43bb894f866ce5cac9f7d1f065e3e1999

  • Size

    339KB

  • MD5

    f549cea3f3f2d8304b56997d241690dd

  • SHA1

    b063ea7f64513aa2ddb3b7a7ac51f9d7cba7cf18

  • SHA256

    817f5b0fcccda6756c485e463b3f0ea43bb894f866ce5cac9f7d1f065e3e1999

  • SHA512

    3beeb0c83a0acfc41f1fb6273a04145783cd69ca126d924638ec2282ff162a39cf7b65b1107311f8be3d94003897e70ed78ecf2be07cda6d63b24ca8f6e512fd

  • SSDEEP

    6144:fc0h522p3l04ZMSmIp3Uy28uhyqe/I3ahlvFJxKvN0Ic22Zh1F:nhxp3lZnT9bDuaI3ahlvFJxK1nMh1F

  Score

  7^/10

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral17behavioral18

• • Target

    875a6185aa50896f96a40c75005c849b320ef27f7332e7a2c0c2c1d3d55faff0

  • Size

    197KB

  • MD5

    05c95cefcc2292424ffc1aff84215a4e

  • SHA1

    83eeb67e6deaa063979aa5bbde7e9d9eeabab577

  • SHA256

    875a6185aa50896f96a40c75005c849b320ef27f7332e7a2c0c2c1d3d55faff0

  • SHA512

    7ae78baba3315c11e738a236f5542f0aff5a0c2232ef8e2b5d0f90582771c91ebebbb6c047c611890ae9185115e73ae476fb8403d4147924937a666075e65889

  • SSDEEP

    6144:8fkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk4:8fkkkkkkkkkkkkkkkkkkkkkkkkkkkkkL

  Score

  1^/10
  behavioral19behavioral20

• • Target

    887d386d2ea9af0c079f4010311069045df5c51d658921b2c9de81c4378b4bc6

  • Size

    519KB

  • MD5

    51ff96a2fe3ecc27f2bae4a243aca5d4

  • SHA1

    eb8a0c988de8e2ba14f9a970651424ea64b17ba0

  • SHA256

    887d386d2ea9af0c079f4010311069045df5c51d658921b2c9de81c4378b4bc6

  • SHA512

    eda5c45118bea07a697b68c3ee190e84b7b35afa65711b6fae3ac7d42acafeaa2aa8f2e4a0056887c5b1c8af6b41bd5ddb9779f11f1b66993025a4a49a293102

  • SSDEEP

    3072:aePKBpKkHYVqc4yByz3bnkzuZilMpX6Ldj1XaUrAp/GFIPFhmJnVifQRipMLh427:zKBpKAY+8nGSjemJnVZ4AT9Wy

  Score

  1^/10
  behavioral21behavioral22

• • Target

    902afe35c6ca794e8b436dad7edf142d2492abe3907055e4bd5e85ce6f617016

  • Size

    334KB

  • MD5

    4d8bdcee20a3de89ba08bd09cd4ea642

  • SHA1

    cc4ddf3a821eb13db3d45ed7e4b0b2ed35c2a22e

  • SHA256

    902afe35c6ca794e8b436dad7edf142d2492abe3907055e4bd5e85ce6f617016

  • SHA512

    024944b3910f72e80d1436627812fefb7bd4b4f3e9d541a747d549743a8edc5f279a0abf45fab6b3fc5ce47eea00b22958efa04513095c86c42efe24c450f28d

  • SSDEEP

    6144:bkv89W2QcboLPlZvqEKvSlvgXCBVnTDg3GV06rPnek63AW1g3yEXq:bk09XelZvqEKv8gXCBlPHeByyEXq

  Score

  10^/10

  evasionpersistenceransomware

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (7557) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes System State backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Installed Components in the registry

    persistence

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral23behavioral24

• • Target

    97b6e51df2a1187481fa28ada65be40fb6d727e0fa3b40cc6796780d680b300a

  • Size

    207KB

  • MD5

    729871063d04ce837b6b65a57f4a2153

  • SHA1

    25f77150f1d34d19afcb8e7b543d52630dee2862

  • SHA256

    97b6e51df2a1187481fa28ada65be40fb6d727e0fa3b40cc6796780d680b300a

  • SHA512

    dc1869dd47e2d1cd55a71aa589f691066b2638954c3de34a86b14dac6f66e9c004dec02355dd060b3f4eae631166e9e93c2fd786a354168a10776b3508eab575

  • SSDEEP

    3072:7ZyQGq+qT2atob56RHAKsSCLLBvAd2xLD0oVuAAg0FujoHtUjVVFOq0rO:7vRLDWkRHAKsSiPAOotUbF8O

  Score

  7^/10

  spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral25behavioral26

• • Target

    a4704be3a77f989693188a4a505b62719ffe87718f8891ab5d3e1de1b1a57572

  • Size

    565KB

  • MD5

    587163ebb29d37762be9b65b4553733a

  • SHA1

    1688aadda5db2d63fdd296edd65a8063db1a3eec

  • SHA256

    a4704be3a77f989693188a4a505b62719ffe87718f8891ab5d3e1de1b1a57572

  • SHA512

    3222f727beb7e8b5d512355863bd0d280b7a6303a1a770345e9d48b48b4c8d37f10a78085ad1d82db265c3a97c2651856366975403aa8656c0127961208b589b

  • SSDEEP

    6144:vQfvuXwa/F2wHHG/BY1oDShdi6QgEOr26QD3T:OmX37H7hA6P26Mj

  Score

  1^/10
  behavioral27behavioral28

• • Target

    b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273

  • Size

    352KB

  • MD5

    4f88b5e510ecbd0adefdfc87c552289c

  • SHA1

    047ec67b8e3c001086284d7176b2d239db565fb5

  • SHA256

    b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273

  • SHA512

    75b86d6de4bec5285559f7e9a0dbf46df48dbdf78386023e5f8668a7814bc1db5322d8bf9d306cfd65175112b94366641d671175d59d3edacc3d2b2ba802f348

  • SSDEEP

    6144:X9PrHO8306KFnBCzDIZXY3HJmui45mkA2/1:drHBpgkDuoEuXbJ

  Score

  9^/10

  persistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (112) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral29behavioral30

• • Target

    b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552

  • Size

    414KB

  • MD5

    c2ed5b0eea4e4bf833e1a5549bde2024

  • SHA1

    5b24af2e9802b503c7f41c17b561b0b6b38914d7

  • SHA256

    b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552

  • SHA512

    0519a11af45ef901e0624e5b3f3ccdf5d3c8af7ca636304d8a1e8be6af607bf3df839b95381460342ca9fa25e8ac8c511be468b22c62e23c31322ad778bbf769

  • SSDEEP

    6144:5ji4E09S/t71Pnk0vlg6D59mkwxpCkiesHjAqk55e5BT:Ji4E09qLnrbt9mCeujAJ55e5BT

  Score

  8^/10

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral31behavioral32