General

  • Target

    54bcd36a6535d80d454f86794a770ddc71a339ea9e99beed3e4f11cb2996f468.exe

  • Size

    707KB

  • MD5

    04cde81b7723994dc1ec42c1cc0fcd2d

  • SHA1

    c50a80ceafe7242e678b9754c513c948c801d98a

  • SHA256

    54bcd36a6535d80d454f86794a770ddc71a339ea9e99beed3e4f11cb2996f468

  • SHA512

    19c10fa918c2bbe82f90f69598fe7a29c2cc33873544977ccacc5019177e071054282aea2e9b8acfde36b73d9f65fe8ff07b1eb1f34a88d3f23105dcfbc50129

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1y8avnh:6uaTmkZJ+naie5OTamgEoKxLWp0h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 54bcd36a6535d80d454f86794a770ddc71a339ea9e99beed3e4f11cb2996f468.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

