General
-
Target
aaf191270b2d4232700ec46ea63f8545a4bb71a30d2d02ea6400866e79a821cf.exe.compressed
-
Size
99KB
-
Sample
240129-vrkgssege6
-
MD5
88e9fd1ec8612415e78c1aa3f6997fa0
-
SHA1
2246d3e577f4cff0f82f3d96b79e88f4a2571f6b
-
SHA256
de495c63e823527161434f283f50d5f9caad2893da00a3b2d305a0e2a9c1ba77
-
SHA512
0b9858dc0500d8ac3dfcfab9f7121dba98e17273d57814fa4fa55bfd13e81a11124497c524bdc4844d041c91caafe901e9a96cfb0b908c9bf676384bd6f341f7
-
SSDEEP
3072:L29omcf9qy10Ve79MJAqLg39Xs/6zMQKE/O:iKmi11f79MJAqsNXNzMQKQO
Malware Config
Targets
-
-
Target
aaf191270b2d4232700ec46ea63f8545a4bb71a30d2d02ea6400866e79a821cf.exe.compressed
-
Size
99KB
-
MD5
88e9fd1ec8612415e78c1aa3f6997fa0
-
SHA1
2246d3e577f4cff0f82f3d96b79e88f4a2571f6b
-
SHA256
de495c63e823527161434f283f50d5f9caad2893da00a3b2d305a0e2a9c1ba77
-
SHA512
0b9858dc0500d8ac3dfcfab9f7121dba98e17273d57814fa4fa55bfd13e81a11124497c524bdc4844d041c91caafe901e9a96cfb0b908c9bf676384bd6f341f7
-
SSDEEP
3072:L29omcf9qy10Ve79MJAqLg39Xs/6zMQKE/O:iKmi11f79MJAqsNXNzMQKQO
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (282) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-