General
-
Target
8d5091361064ccf9dea8a658a87f25555cce08089774b628982995218d6b081e.exe.compressed
-
Size
99KB
-
Sample
240128-3zb5dsehhm
-
MD5
c671cc09124f5fdebd6d5ab320cb42d6
-
SHA1
a4ec9d5ad5d533618d77c01044a100477235f772
-
SHA256
6d4074b4267582300b8c157634bc1599dd7a79dd80149929cc08c08c04e6b34d
-
SHA512
4131ceb1b6ee9732bbc2aeaf87dfda198a5f58119ffbee64f88ca8d5a5f73b60fff065c1748b1247c1e6b90dd295857953a71a5d9321a9383b1a789ce79393a2
-
SSDEEP
1536:4Ij4ZMAim2szHhIv49A08qIPPgBvlmYkw7OOlhIWGYkb+EC3LZ9m7nDofS9Z1Gn:NsvimVzHCfqL1l57hsvYkyEooDgS
Malware Config
Targets
-
-
Target
8d5091361064ccf9dea8a658a87f25555cce08089774b628982995218d6b081e.exe.compressed
-
Size
99KB
-
MD5
c671cc09124f5fdebd6d5ab320cb42d6
-
SHA1
a4ec9d5ad5d533618d77c01044a100477235f772
-
SHA256
6d4074b4267582300b8c157634bc1599dd7a79dd80149929cc08c08c04e6b34d
-
SHA512
4131ceb1b6ee9732bbc2aeaf87dfda198a5f58119ffbee64f88ca8d5a5f73b60fff065c1748b1247c1e6b90dd295857953a71a5d9321a9383b1a789ce79393a2
-
SSDEEP
1536:4Ij4ZMAim2szHhIv49A08qIPPgBvlmYkw7OOlhIWGYkb+EC3LZ9m7nDofS9Z1Gn:NsvimVzHCfqL1l57hsvYkyEooDgS
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (293) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-