General
Target: 2f8947460f78ccc2184d166b62d4f46a138054d08662589881f84376950c017d
Size: 99KB
Sample: 240201-h54rdaebe7
MD5: 26fbecf5b1e855fe81fb30da0abf0f5e
SHA1: b84f857d965df6ff862f238d8f1f356814b75c12
SHA256: 2f8947460f78ccc2184d166b62d4f46a138054d08662589881f84376950c017d
SHA512: 9fef3e70ec8fed0c4a453ed235a8dcef3139dd9a723db270d60d69876deb44cdf34fc18f935b8b9091fc4f3f1efd33152e728a03d388303b564f853df9019bfc
SSDEEP: 1536:qIj47yUN3HZUR5WnPszr0MBEJVLcZL82ZTBv2caHwaCB284O+6n:3lUJHZU5WPLMBEJlcGE7aHwa
Behavioral task: behavioral1
Sample: 2f8947460f78ccc2184d166b62d4f46a138054d08662589881f84376950c017d.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2f8947460f78ccc2184d166b62d4f46a138054d08662589881f84376950c017d.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 2f8947460f78ccc2184d166b62d4f46a138054d08662589881f84376950c017d (size and hashes as listed under General)
Score: 9/10
Signatures:
- Detects command variations typically used by ransomware
- Detects executables containing many references to VEEAM. Observed in ransomware (families commonly stop Veeam backup services before encrypting so backups cannot be restored).
- Detects executables referencing many IR and analysis tools
- Renames multiple (319) files with added filename extension. Consistent with ransomware encrypting files on the system and appending an extension to each encrypted file; the count is what the sandbox observed in its run, not the whole file system.
- UPX dump on OEP (original entry point): the sample is UPX-packed and the sandbox dumped the unpacked image once execution reached the original entry point, so static signatures above were matched against the unpacked code.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether to run.
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit. Ransomware commonly uses this to disable Windows recovery before encrypting; the exact command line is not shown in this report.
- Sets desktop wallpaper using registry
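As an added example, not part of this sandbox report and not the sample's own code, the following Python implements host-side detection logic for two of the behaviours listed above: recovery-tampering command lines of the kind the "command variations typically used by ransomware" signature looks for, and a burst of renames that append a new extension to existing files. The command patterns are general ransomware tradecraft and every event and command line in the block is constructed for the example; the report does not show the actual command lines, filenames or extension this sample used.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Command-line patterns for recovery tampering commonly used by ransomware
# (general knowledge; this report does not list the sample's actual command lines).
RECOVERY_TAMPER_PATTERNS = [
    ("bcdedit_recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit_ignore_boot_failures",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]


def match_recovery_tamper(cmdline):
    """Return the names of every recovery-tampering pattern the command line matches."""
    return [name for name, rx in RECOVERY_TAMPER_PATTERNS if rx.search(cmdline)]


def detect_rename_burst(rename_events, threshold=20, window=timedelta(seconds=60)):
    """rename_events: iterable of (timestamp, pid, old_path, new_path).

    Only renames that keep the original name and append ".<ext>" count, because that
    is the pattern the report's "renames files with added filename extension"
    signature describes. Returns {pid: (max_renames_in_any_window, added_extension)}
    for each process that reaches `threshold` such renames inside `window`.
    """
    by_pid = defaultdict(list)
    for ts, pid, old, new in rename_events:
        if new.startswith(old + ".") and len(new) > len(old) + 1:
            by_pid[pid].append((ts, new[len(old):]))

    hits = {}
    for pid, items in by_pid.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until the span is at most `window` wide.
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > hits.get(pid, (0, None))[0]:
                ext = Counter(e for _, e in items[start:end + 1]).most_common(1)[0][0]
                hits[pid] = (count, ext)
    return hits


def sample_rename_events(n=25, pid=4242, ext=".locked"):
    """Constructed sample events: one process appending `ext` to n documents about a
    second apart, plus a benign rename by another process that replaces the extension
    instead of appending one (and so must not be counted)."""
    t0 = datetime(2024, 2, 1, 8, 0, 0)
    events = [
        (t0 + timedelta(seconds=i), pid,
         rf"C:\Users\victim\Documents\file{i}.docx",
         rf"C:\Users\victim\Documents\file{i}.docx{ext}")
        for i in range(n)
    ]
    events.append((t0 + timedelta(seconds=3), 1001,
                   r"C:\Users\victim\Documents\report.tmp",
                   r"C:\Users\victim\Documents\report.pdf"))
    return events


SAMPLE_COMMANDS = [  # constructed for the example, not taken from the report
    r'cmd.exe /c "bcdedit.exe /set {default} recoveryenabled No"',
    r"bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    r"vssadmin.exe Delete Shadows /All /Quiet",
    r"bcdedit /enum",  # benign enumeration, must not match
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(f"{', '.join(match_recovery_tamper(cmd)) or '-':<30} {cmd}")
    print(detect_rename_burst(sample_rename_events()))
```

The rename detector keys on a process id so that a single process touching many files in a short window stands out, which is how a 319-file rename run would look in Sysmon or EDR file telemetry; the threshold and window are tunable and should be set above what backup or sync agents produce on the host being monitored.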