General
-
Target
b63b5c96136e30f057ae19afcf39f8ade8213b4b25e2b4fee716eb66b7a77a4a
-
Size
99KB
-
Sample
240201-gehwjsceb3
-
MD5
04eb5ea6a45eb545c566d64fd44b0843
-
SHA1
7fd4e33375f378446b37e30cd32f2b99289b6d42
-
SHA256
4ba066fa2f15ab68d1d79caa4aa7162817febe198322b38af459378437890a9e
-
SHA512
e01f8e15467ace8d6723dffd9c45e030080090372cd73fc18efe2468ee04d2e654bba1bd4315e8479d81f7542cf3f034590ab0c2dea6a6a7750dbf0930cd545c
-
SSDEEP
1536:KIj4Djw4DZkPlzf2eIKIOLLzELlH5YjeV/YsVXTwdXMRl/D2wZi+N9rz+GwKn:XVGZqlzMg/EJRVQsNL/vZBjTw
Malware Config
Targets
-
-
Target
b63b5c96136e30f057ae19afcf39f8ade8213b4b25e2b4fee716eb66b7a77a4a
-
Size
99KB
-
MD5
04eb5ea6a45eb545c566d64fd44b0843
-
SHA1
7fd4e33375f378446b37e30cd32f2b99289b6d42
-
SHA256
4ba066fa2f15ab68d1d79caa4aa7162817febe198322b38af459378437890a9e
-
SHA512
e01f8e15467ace8d6723dffd9c45e030080090372cd73fc18efe2468ee04d2e654bba1bd4315e8479d81f7542cf3f034590ab0c2dea6a6a7750dbf0930cd545c
-
SSDEEP
1536:KIj4Djw4DZkPlzf2eIKIOLLzELlH5YjeV/YsVXTwdXMRl/D2wZi+N9rz+GwKn:XVGZqlzMg/EJRVQsNL/vZBjTw
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (304) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-