General

  • Target

    5b25d4a61ad274d8ab9a46a260387d0ef9127641a906d8801fefcae571f80688.exe

  • Size

    707KB

  • MD5

    38c1bf186894fd293497df7d0d4e7411

  • SHA1

    b56015e57ac97dfbe77863fff831d129e221a8f4

  • SHA256

    4b5cac1704cfcffe08a8b3dc1f92dc9da36e32ba8e6342c95858a3937a10d16c

  • SHA512

    b528a07f426d2bf449ee3b7e8709a8a039a562e22337e2a36088bb85729c310796dca80e8eab70d32c1532fc84688b32a0cfc94365b2a63005696025f7c8299c

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1G84vnh:auaTmkZJ+naie5OTamgEoKxLW1Gh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5b25d4a61ad274d8ab9a46a260387d0ef9127641a906d8801fefcae571f80688.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

