General
-
Target
18baedf43f4a68455e8d36b657aff03c.bin
-
Size
105KB
-
Sample
240110-bhfmpscbd7
-
MD5
b47b842d5840de6235d5e5b29ceb5c71
-
SHA1
ebbe901a4bbcc91a2a25ff4557e9ed9ccf62ee03
-
SHA256
80a8fca48762863e3b433253adad16545130d1eadcb3d972f952ed62a82f6f11
-
SHA512
e8111495fc02dcf23e0c1989731419ef91099f791cf5d622fb87933257fbb6bf0feb36239bc5e4aaa6eb30852f16ea104cbd349648ce78f8d58a74fb4bc62e41
-
SSDEEP
3072:GgVBYpFz7SuX0jdfBdtoX+fED9vdTVhcu:GgD0Suk5TeXsEvdVhcu
Static task
static1
Behavioral task
behavioral1
Sample
9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc.exe
-
Size
216KB
-
MD5
18baedf43f4a68455e8d36b657aff03c
-
SHA1
5770b7c3931f6ed12650ad27b7fb2bf0752b80dc
-
SHA256
9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc
-
SHA512
3c3161e2b209b7589be33be288076af6b0e81c000ab66f7eb184ce54114b7e4687cc33e95bc9daf8b61394d8f847f85858bf0c978dbf829c0cd1fd9620231d4e
-
SSDEEP
3072:h17DaAz38w3vQ7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Fb8JF6Pf2KQ+aVB2fJqh4Id
Score9/10-
Renames multiple (280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-