General
-
Target
41e48ab0a542c733e1825705d8b6346c
-
Size
533KB
-
Sample
240104-zqx4qabecl
-
MD5
41e48ab0a542c733e1825705d8b6346c
-
SHA1
5a24f2bfa964577538307390f303e49ca8ffcd65
-
SHA256
9dbc93c5c4d375ef336f38f29311099229c8b93ba6106baa034ca6ef21ac4ec2
-
SHA512
c411b19d38d266eadd8daef8ae54b996630a46670d43c93e5115d94a7557f3588e971f9b0a397ee12b48d3fbc5f480b6522f01aadcced98bfaf21619f5db948b
-
SSDEEP
6144:282p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilK:gp4pNfz3ymJnJ8QCFkxCaQTOl2GVqi
Malware Config
Targets
-
-
Target
41e48ab0a542c733e1825705d8b6346c
-
Size
533KB
-
MD5
41e48ab0a542c733e1825705d8b6346c
-
SHA1
5a24f2bfa964577538307390f303e49ca8ffcd65
-
SHA256
9dbc93c5c4d375ef336f38f29311099229c8b93ba6106baa034ca6ef21ac4ec2
-
SHA512
c411b19d38d266eadd8daef8ae54b996630a46670d43c93e5115d94a7557f3588e971f9b0a397ee12b48d3fbc5f480b6522f01aadcced98bfaf21619f5db948b
-
SSDEEP
6144:282p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilK:gp4pNfz3ymJnJ8QCFkxCaQTOl2GVqi
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-