General
Target: 363a874ff177178c253703158028e6952de442771323571f1d988e4bd1fa1685.exe
Size: 216KB
Sample: 240128-2pexvsdddq
MD5: 2aa4112f7bfc81e67762e90befac5a9c
SHA1: 7ae855b685ecf6f1d4d54e90b63b41577e360f06
SHA256: d6025e7870ea35a84ed3e202c038eedeb98c48989f4215b1cdba0e7b883a7dbe
SHA512: 087092b47b688577b6cd83a37cb681af8ceee403ef310b1916940034d866929b8fc2c4220ea3520e16f03cc6ece5622e03d861c05de00e896884548d15155f4f
SSDEEP: 3072:m17DaAz38w3vT7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Gb8eF6Pf2KQ+aVB2fJqh4Id
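Before working with a local copy of this sample, verify it against the digests listed above rather than against its file name: the name is a 64-hex string that does not equal the reported SHA256 (d6025e78...). The script below is an added example, not part of the Triage report; it computes MD5, SHA1, SHA256 and SHA512 in one streaming pass and compares them case-insensitively. SSDEEP needs the separate ssdeep library and is not computed here. The command-line usage at the bottom is an assumption for illustration.

```python
# Added example (not part of the Triage report): verify a local copy of the
# sample against the digests listed in the report, computing all four hashes
# in a single streaming pass. SSDEEP is not computed (needs the ssdeep library).
import hashlib
import re

# Digests copied from the report.
REPORTED = {
    "md5": "2aa4112f7bfc81e67762e90befac5a9c",
    "sha1": "7ae855b685ecf6f1d4d54e90b63b41577e360f06",
    "sha256": "d6025e7870ea35a84ed3e202c038eedeb98c48989f4215b1cdba0e7b883a7dbe",
    "sha512": "087092b47b688577b6cd83a37cb681af8ceee403ef310b1916940034d866929b"
              "8fc2c4220ea3520e16f03cc6ece5622e03d861c05de00e896884548d15155f4f",
}
# File name as it appears in the report; it looks like a SHA-256 but is not the reported one.
REPORTED_NAME = "363a874ff177178c253703158028e6952de442771323571f1d988e4bd1fa1685.exe"


def digests_of_stream(chunks):
    """Hash an iterable of byte chunks with every algorithm in REPORTED, reading the data once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path, chunk_size=1 << 20):
    """Stream a file from disk in chunk_size pieces so large samples do not need to fit in memory."""
    with open(path, "rb") as f:
        return digests_of_stream(iter(lambda: f.read(chunk_size), b""))


def compare(computed, expected):
    """Per-algorithm match table; hex digests are compared case-insensitively."""
    return {name: computed.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def name_matches_sha256(filename, sha256):
    """True only if a 64-hex file name (optionally with an extension) equals the given SHA-256."""
    m = re.fullmatch(r"([0-9a-fA-F]{64})(?:\.[A-Za-z0-9]+)?", filename)
    return bool(m) and m.group(1).lower() == sha256.lower()


if __name__ == "__main__":
    # Assumed usage: python verify_hashes.py <path-to-local-copy-of-sample>
    import sys
    computed = digests_of_file(sys.argv[1])
    for name, ok in compare(computed, REPORTED).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'} {computed[name]}")
    print("file name equals reported SHA-256:",
          name_matches_sha256(REPORTED_NAME, REPORTED["sha256"]))
```

Any mismatch means the file on disk is not the object this report describes (a different build, a truncated download, or a renamed sibling), and the behaviours listed below should not be attributed to it.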
Static task: static1
Behavioral task: behavioral1
Sample: 363a874ff177178c253703158028e6952de442771323571f1d988e4bd1fa1685.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 363a874ff177178c253703158028e6952de442771323571f1d988e4bd1fa1685.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 363a874ff177178c253703158028e6952de442771323571f1d988e4bd1fa1685.exe
Size: 216KB
MD5: 2aa4112f7bfc81e67762e90befac5a9c
SHA1: 7ae855b685ecf6f1d4d54e90b63b41577e360f06
SHA256: d6025e7870ea35a84ed3e202c038eedeb98c48989f4215b1cdba0e7b883a7dbe
SHA512: 087092b47b688577b6cd83a37cb681af8ceee403ef310b1916940034d866929b8fc2c4220ea3520e16f03cc6ece5622e03d861c05de00e896884548d15155f4f
SSDEEP: 3072:m17DaAz38w3vT7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Gb8eF6Pf2KQ+aVB2fJqh4Id
Score: 9/10
- Renames multiple (297) files with added filename extension
  This suggests ransomware activity: bulk encryption of the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry
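The six signatures above are each a rule over the sandbox's file, registry and process events. The following is an added example that re-derives them from a constructed event log so the threshold and paths behind each line are explicit; it is not Triage's signature code and the real rules may differ. The event schema, the 20-rename cut-off, the ".locked" extension, the wallpaper path and the two registry keys treated as "computer location settings" (HKCU\Control Panel\International\Geo\Nation and HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language) are all assumptions; the report does not give the bcdedit arguments, so the constructed log carries none.

```python
# Added example (not Triage's signature code): re-derive the report's behavioural
# signatures from a constructed sandbox event log. Schema, thresholds, the
# ".locked" extension and the registry keys below are assumptions for illustration.
from collections import Counter
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class Event:
    kind: str      # file_rename | file_create | file_read | reg_read | reg_write | process
    src: str = ""  # source path, registry key, or command line
    dst: str = ""  # rename target or registry data


RENAME_THRESHOLD = 20  # assumed cut-off for "renames multiple files"

# Assumed registry locations a geofence lookup or a wallpaper change would touch.
COUNTRY_KEYS = (r"control panel\international\geo\nation",
                r"system\currentcontrolset\control\nls\language")
WALLPAPER_KEY = r"control panel\desktop\wallpaper"


def has_added_extension(src, dst):
    """True when dst is src with one more extension appended (x.docx -> x.docx.locked).
    A rename that replaces the extension (x.tmp -> x.docx) does not count."""
    s, d = src.lower(), dst.lower()
    return d.startswith(s + ".") and len(d) > len(s) + 1


def rename_stats(events):
    """Number of appended-extension renames, plus a breakdown by the new extension."""
    by_ext = Counter()
    for e in events:
        if e.kind == "file_rename" and has_added_extension(e.src, e.dst):
            by_ext[ntpath.splitext(e.dst)[1].lower()] += 1
    return sum(by_ext.values()), by_ext


def drive_roots(events):
    """Root paths of drives other than C: that the sample read (e.g. 'D:\\')."""
    return {e.src.upper() for e in events
            if e.kind == "file_read" and len(e.src) == 3
            and e.src[1:] == ":\\" and e.src[0].upper() != "C"}


def run_signatures(events):
    """Map each signature name from the report to whether the log triggers it."""
    renames, _ = rename_stats(events)
    keys_read = [e.src.lower() for e in events if e.kind == "reg_read"]
    keys_written = [e.src.lower() for e in events if e.kind == "reg_write"]
    cmdlines = [e.src.lower() for e in events if e.kind == "process"]
    created = {ntpath.basename(e.src).lower() for e in events if e.kind == "file_create"}
    return {
        "renames_multiple_files_with_added_extension": renames >= RENAME_THRESHOLD,
        "checks_computer_location_settings": any(k.endswith(COUNTRY_KEYS) for k in keys_read),
        "drops_desktop_ini": "desktop.ini" in created,
        "enumerates_connected_drives": bool(drive_roots(events)),
        "modifies_boot_configuration_data": any("bcdedit" in c for c in cmdlines),
        "sets_desktop_wallpaper_using_registry": any(k.endswith(WALLPAPER_KEY) for k in keys_written),
    }


def constructed_log():
    """Constructed events mirroring the report: 297 renames plus the other five behaviours."""
    docs = r"C:\Users\victim\Documents"
    events = [Event("file_rename", rf"{docs}\report{i}.docx", rf"{docs}\report{i}.docx.locked")
              for i in range(297)]
    events += [
        Event("reg_read", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
        Event("file_create", rf"{docs}\desktop.ini"),
        Event("file_read", "D:\\"),
        Event("file_read", "E:\\"),
        Event("process", "bcdedit.exe"),  # arguments are not given in the report
        Event("reg_write", r"HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper",
              r"C:\Users\victim\note.bmp"),  # assumed wallpaper path
    ]
    return events


if __name__ == "__main__":
    total, by_ext = rename_stats(constructed_log())
    print(f"{total} appended-extension renames, by extension: {dict(by_ext)}")
    for name, hit in run_signatures(constructed_log()).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

The rename breakdown is the useful part when triaging a real log: one dominant new extension across hundreds of user documents is the ransomware pattern, whereas a few renames with assorted extensions is ordinary installer or editor behaviour and should not push the score up.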