General
Target: 84a12b237c8acc8fc9008da6c48f9a2dffd9feaa2f283968d420250235e2fb34
Size: 99KB
Sample: 240201-gdcyxaedhm
MD5: bea647bc314248d390f14df1aad251b0
SHA1: 27697991ccd3a76a38ab7ae2420162627ea2a69b
SHA256: ac1aa0426969aa4f3c3303ccbdfba83047cf68e01401e04e8028006a2ddb6aab
SHA512: c491419e885bcac5b75456bab87ed4fbb2ad02802b0d314dda7a725c236638ad2b223a80b6856ec1e8e09360bf25b99141891c56211abbb7c1667dacb4361a27
SSDEEP: 1536:BIj43TYRX0Y9iFAK0E+4LAyKfPKHDysmOIzSw63BtuwVZY9n:QKTYRX0M/BCAyKXmczSw63zq
Behavioral task: behavioral1
Sample: 84a12b237c8acc8fc9008da6c48f9a2dffd9feaa2f283968d420250235e2fb34.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 84a12b237c8acc8fc9008da6c48f9a2dffd9feaa2f283968d420250235e2fb34.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 84a12b237c8acc8fc9008da6c48f9a2dffd9feaa2f283968d420250235e2fb34
Size: 99KB
MD5: bea647bc314248d390f14df1aad251b0
SHA1: 27697991ccd3a76a38ab7ae2420162627ea2a69b
SHA256: ac1aa0426969aa4f3c3303ccbdfba83047cf68e01401e04e8028006a2ddb6aab
SHA512: c491419e885bcac5b75456bab87ed4fbb2ad02802b0d314dda7a725c236638ad2b223a80b6856ec1e8e09360bf25b99141891c56211abbb7c1667dacb4361a27
SSDEEP: 1536:BIj43TYRX0Y9iFAK0E+4LAyKfPKHDysmOIzSw63BtuwVZY9n:QKTYRX0M/BCAyKXmczSw63zq
Score: 9/10
- Detects command variations typically used by ransomware
- Detects executables containing many references to VEEAM. Observed in ransomware
- Detects executables referencing many IR and analysis tools
- Renames multiple (322) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry