General
-
Target
03bb1b910ecad829b18484ededf23259e2e91011bfe52e4ce4980fd162e95e37.exe.compressed
-
Size
99KB
-
Sample
240201-gslvcsehak
-
MD5
77b8b0c10218590ffcc66c9ed7a24d86
-
SHA1
0fe3c7ce34af6f8f172cae4cb3771dc211fb73aa
-
SHA256
c42f5fd02b8d682af47d6752d9988b28ee9e9c490c43f8bf15e344c73cbf211f
-
SHA512
74fed8357b3a390abe0f43a1fec2c5654fdf2a3034acc225cf7e76edacc484b8402f2c9d15510db213b32363c9f7be9fc4b00c3cee85db94d1ff623faa8a9e48
-
SSDEEP
1536:uIj4kWd0ni8l4ZOtIsdm+s2sQ4yFVP8eflx69g6KWmhPK39Ijs4248YaaFQ2nDgn:T6v8QOrmj211/1flQSvJhST48
Malware Config
Targets
-
-
Target
03bb1b910ecad829b18484ededf23259e2e91011bfe52e4ce4980fd162e95e37.exe.compressed
-
Size
99KB
-
MD5
77b8b0c10218590ffcc66c9ed7a24d86
-
SHA1
0fe3c7ce34af6f8f172cae4cb3771dc211fb73aa
-
SHA256
c42f5fd02b8d682af47d6752d9988b28ee9e9c490c43f8bf15e344c73cbf211f
-
SHA512
74fed8357b3a390abe0f43a1fec2c5654fdf2a3034acc225cf7e76edacc484b8402f2c9d15510db213b32363c9f7be9fc4b00c3cee85db94d1ff623faa8a9e48
-
SSDEEP
1536:uIj4kWd0ni8l4ZOtIsdm+s2sQ4yFVP8eflx69g6KWmhPK39Ijs4248YaaFQ2nDgn:T6v8QOrmj211/1flQSvJhST48
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (289) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-