General
-
Target
63bd0665ac1a50cbca110a109d47cd042adddaa847024bbcf6a2d01727ace761.exe.compressed
-
Size
99KB
-
Sample
240128-3gj3aaecen
-
MD5
7f45f157748b76f78654b39066d68a94
-
SHA1
061ebd379346d31ebfb7b905704b942e2f6f2675
-
SHA256
16992f75de004a6400da4b04e8e70b608ffc6ca6f1da44f803a659516db22a8a
-
SHA512
8fc49d116799531bc831a24044016726d970b1b1a98a33d5ff371b0974a7bd2d162d131bf1ec8203febc316119ce82322b7706e0ad30e3682120004beb9e9cb1
-
SSDEEP
3072:LRiJSuICoVLop3pYTGGcBtkowoxxnNycSi7LTl:sguYq2GGEkowCFpZfT
Malware Config
Targets
-
-
Target
63bd0665ac1a50cbca110a109d47cd042adddaa847024bbcf6a2d01727ace761.exe.compressed
-
Size
99KB
-
MD5
7f45f157748b76f78654b39066d68a94
-
SHA1
061ebd379346d31ebfb7b905704b942e2f6f2675
-
SHA256
16992f75de004a6400da4b04e8e70b608ffc6ca6f1da44f803a659516db22a8a
-
SHA512
8fc49d116799531bc831a24044016726d970b1b1a98a33d5ff371b0974a7bd2d162d131bf1ec8203febc316119ce82322b7706e0ad30e3682120004beb9e9cb1
-
SSDEEP
3072:LRiJSuICoVLop3pYTGGcBtkowoxxnNycSi7LTl:sguYq2GGEkowCFpZfT
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (259) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-