General
-
Target
778a328cc3859c1d26bf89253d76d9f2
-
Size
10.8MB
-
Sample
240126-q8m7ssgehl
-
MD5
778a328cc3859c1d26bf89253d76d9f2
-
SHA1
bba3eaecf83c96ab2de719ef1b84209f2d2afb20
-
SHA256
27ebd2d00726ee12b45299240442c82c1274241eaf7c99645e1538bec5da05ae
-
SHA512
c8d26a4f817c27eece6daa5e68579397d9c6e9f3ea2e5c16d2db6ebff810858cdb97f4d1c5c563fb3e2fdbefcceeed08d28b94b9c65fc11f8f64fc36993d7d03
-
SSDEEP
196608:p7G4BFifYizLQ8uGdbwRLTvICzcHWrUDZNEY20EK5pNDOIXKtThkn4L4aGaMeBNy:047ccGbAhcSKUi0t44BN8eGeq
Behavioral task
behavioral1
Sample
778a328cc3859c1d26bf89253d76d9f2.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
778a328cc3859c1d26bf89253d76d9f2.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
Target
778a328cc3859c1d26bf89253d76d9f2
-
Score 10/10
-
Deletes NTFS Change Journal
The USN change journal is a persistent log, used by Windows Server systems, of all changes made to local files.
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Disables use of System Restore points
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-