General
Target: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
Size: 216KB
Sample: 240129-vtdr2agdbj
MD5: 3b957a9f74d88a952a5b5bb187e012bb
SHA1: 7d3a1d8a9b61eb9a93ad8b32f90db48f05e1e168
SHA256: 022dee1625c30fc17cfc0be7681c1866968c07378d14426da47e641caacdf00d
SHA512: 401cd8b27d1196fbb9ffd4082219f2c8eda07864e67be3c8d3c5e7bbc40c622797314d0d3ed4be9d185b5ed8e6a48b951c66ea08e9718e12b3cf9dba6f9aa574
SSDEEP: 3072:m17DaAz38w3vM7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Gb8FF6Pf2KQ+aVB2fJqh4Id
Static task: static1
Behavioral task: behavioral1
  Sample: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
Size: 216KB
MD5: 3b957a9f74d88a952a5b5bb187e012bb
SHA1: 7d3a1d8a9b61eb9a93ad8b32f90db48f05e1e168
SHA256: 022dee1625c30fc17cfc0be7681c1866968c07378d14426da47e641caacdf00d
SHA512: 401cd8b27d1196fbb9ffd4082219f2c8eda07864e67be3c8d3c5e7bbc40c622797314d0d3ed4be9d185b5ed8e6a48b951c66ea08e9718e12b3cf9dba6f9aa574
SSDEEP: 3072:m17DaAz38w3vM7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Gb8FF6Pf2KQ+aVB2fJqh4Id
Score: 9/10
- Renames multiple (316) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry