General
-
Target
63b30070ef15332f0f126d2738a02d3e.bin
-
Size
1.6MB
-
Sample
240119-dgslzseabn
-
MD5
63b30070ef15332f0f126d2738a02d3e
-
SHA1
a5427b4df977f4bf51d8dfe4bc722e4d71f6985d
-
SHA256
3aec7bd4ba55effa925a0e84e35af79b5c03068b4080f1a42ef7886ca9a46435
-
SHA512
b30ac61a6058fefe4050613702a3c3daf08ddbc5b8ae8ceef562344a7e425f21b1a263f30c4b44080b736d2216212a4a180e5fef9116df4866431cdb8c0269ca
-
SSDEEP
49152:mEs14wi0L0q7/LJL5Wj+hMMHMMMvMMZMMMlmMMMiMMMYU+2NHm1d:mE2ji0F/LR5Wj+hMMHMMMvMMZMMMlmMA
Malware Config
Targets
-
-
Target
63b30070ef15332f0f126d2738a02d3e.bin
-
Size
1.6MB
-
MD5
63b30070ef15332f0f126d2738a02d3e
-
SHA1
a5427b4df977f4bf51d8dfe4bc722e4d71f6985d
-
SHA256
3aec7bd4ba55effa925a0e84e35af79b5c03068b4080f1a42ef7886ca9a46435
-
SHA512
b30ac61a6058fefe4050613702a3c3daf08ddbc5b8ae8ceef562344a7e425f21b1a263f30c4b44080b736d2216212a4a180e5fef9116df4866431cdb8c0269ca
-
SSDEEP
49152:mEs14wi0L0q7/LJL5Wj+hMMHMMMvMMZMMMlmMMMiMMMYU+2NHm1d:mE2ji0F/LR5Wj+hMMHMMMvMMZMMMlmMA
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-