General
Target: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe.compressed
Size: 99KB
Sample: 240129-vtg5fsgdbk
MD5: dabe37ff7ed1e9326a038e12d03463a2
SHA1: c9dabd1e0adaad4193174855cd36d5cf7508fdae
SHA256: 811779255cd9c96de8c81767e51498cf7de7bff7c5fc0b80edcb03aff3ab9e7b
SHA512: c2b51080205c56ef5e9e9764a09be5b9f689d8b1ead16409bc8347b365074b6473f45d756049829f9ca3b82e1fef36d3b72675e0fa9688e1784b8813b84387bc
SSDEEP: 3072:810il4g8mVlwT9+0Eyos1qdHUY1ft0RMA:UJldlG+HlHh0
Behavioral task: behavioral1
Sample: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: af38ed0887dd21b6fc1563d9f640086e9902434b50b66833136348e334cba4cf.exe.compressed
Size: 99KB
MD5: dabe37ff7ed1e9326a038e12d03463a2
SHA1: c9dabd1e0adaad4193174855cd36d5cf7508fdae
SHA256: 811779255cd9c96de8c81767e51498cf7de7bff7c5fc0b80edcb03aff3ab9e7b
SHA512: c2b51080205c56ef5e9e9764a09be5b9f689d8b1ead16409bc8347b365074b6473f45d756049829f9ca3b82e1fef36d3b72675e0fa9688e1784b8813b84387bc
SSDEEP: 3072:810il4g8mVlwT9+0Eyos1qdHUY1ft0RMA:UJldlG+HlHh0

Score: 9/10

Signatures
- Detects command variations typically used by ransomware
- Detects executables containing many references to VEEAM. Observed in ransomware
- Detects executables referencing many IR and analysis tools
- Renames multiple (295) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry