General
-
Target
afda37c82208a44ebd34730de48b316e3ff4b43db1afe5d16fda2a6b15a9caa9.exe.compressed
-
Size
99KB
-
Sample
240129-vtnbgaeha9
-
MD5
0ff84c144e5b46c9f7073b031f1c72ba
-
SHA1
54dbc69da146bd156f638ce888ab5ec0f6ad5f51
-
SHA256
7c734cc2b2369068f9d9a8d358ea3196c377d7b1a7bd3ae6765fec8c08293dba
-
SHA512
3bd15984622de375de844f6f9de034306171a68bfa89f4f3dbe102d284457d32dd349f048071021cd6b40d494a863a7e659659380cc45dacf8e4e02da24d5edc
-
SSDEEP
1536:JIj4kYfu+snbiqBKVkcH2/W3KSjY3rIjXFh5aYqBiQnecwIcx5Boe5fhRn:42qbWB3KSjiI/MBtUxNhh
Malware Config
Targets
-
-
Target
afda37c82208a44ebd34730de48b316e3ff4b43db1afe5d16fda2a6b15a9caa9.exe.compressed
-
Size
99KB
-
MD5
0ff84c144e5b46c9f7073b031f1c72ba
-
SHA1
54dbc69da146bd156f638ce888ab5ec0f6ad5f51
-
SHA256
7c734cc2b2369068f9d9a8d358ea3196c377d7b1a7bd3ae6765fec8c08293dba
-
SHA512
3bd15984622de375de844f6f9de034306171a68bfa89f4f3dbe102d284457d32dd349f048071021cd6b40d494a863a7e659659380cc45dacf8e4e02da24d5edc
-
SSDEEP
1536:JIj4kYfu+snbiqBKVkcH2/W3KSjY3rIjXFh5aYqBiQnecwIcx5Boe5fhRn:42qbWB3KSjiI/MBtUxNhh
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (292) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-