General
-
Target
08773b5f31449ff1b463313333bbc4f1ecf277f62ae6c91aec8d39fb6cf3b55c.exe.compressed
-
Size
99KB
-
Sample
240128-x3snnaaaam
-
MD5
0f9f1e436b6e522344ad11eaa386d372
-
SHA1
082b766e39b3bcb2e797a75b0a53c592109b944c
-
SHA256
cd91259944caf9897afdbe1b2cbca2fce96b743b57a4fac1dd77f2b86f6de664
-
SHA512
16d7ca616e01505b777baeea6059197b9f900d76601a182dfda243430d4cd21cbf648952d0ce0cc7e87b40acfc002c69baf243901280abe1eb1a098510234923
-
SSDEEP
1536:0Ij4MsNwRQM0nAK/ZEm4trpY0F88iEnpkhj6mgLa8ae1gDkL8Vfn88cn:x7sJMsxEppHkhu/aeYsmh
Malware Config
Targets
-
-
Target
08773b5f31449ff1b463313333bbc4f1ecf277f62ae6c91aec8d39fb6cf3b55c.exe.compressed
-
Size
99KB
-
MD5
0f9f1e436b6e522344ad11eaa386d372
-
SHA1
082b766e39b3bcb2e797a75b0a53c592109b944c
-
SHA256
cd91259944caf9897afdbe1b2cbca2fce96b743b57a4fac1dd77f2b86f6de664
-
SHA512
16d7ca616e01505b777baeea6059197b9f900d76601a182dfda243430d4cd21cbf648952d0ce0cc7e87b40acfc002c69baf243901280abe1eb1a098510234923
-
SSDEEP
1536:0Ij4MsNwRQM0nAK/ZEm4trpY0F88iEnpkhj6mgLa8ae1gDkL8Vfn88cn:x7sJMsxEppHkhu/aeYsmh
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (292) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-