General
Target: 05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2
Size: 99KB
Sample: 240201-hfkbfafdgr
MD5: 818517529f4a81cbccfffd7d8f5094b0
SHA1: 300b406ea200412f0065890bf82b8a979ee39431
SHA256: 05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2
SHA512: 099a1c1b7d96144000ca507c8d21d9286d512dd22b8e3a876fba070771305da1985c90ee2e40ff15830630f0e922d8fe3ec8255a08605b2c181d4e1d8b8c518e
SSDEEP: 1536:AIj4Ecw4DZkPlzf2eIKIOLLzELlH5YjeV/YsVXTwdXMRl/D2wZi+N9rz+GwEn:15HGZqlzMg/EJRVQsNL/vZBjTw
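To confirm that a file found on a host is this sample, compute all four digests in one pass and compare them with the indicator block above. This is an added example, not part of the sandbox report; the hash values are copied from the report, the file path is a hypothetical argument, and the partial-match check is the editor's own caveat (a file matching only on MD5 is a collision or a transcription error, not a confirmed sample). SSDEEP comparison is deliberately left out because it needs the external ssdeep library.

```python
import hashlib

# Indicator values copied from the report above (packed file, 99KB).
REPORT_HASHES = {
    "md5": "818517529f4a81cbccfffd7d8f5094b0",
    "sha1": "300b406ea200412f0065890bf82b8a979ee39431",
    "sha256": "05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2",
    "sha512": "099a1c1b7d96144000ca507c8d21d9286d512dd22b8e3a876fba070771305da1985c90ee2e40ff15830630f0e922d8fe3ec8255a08605b2c181d4e1d8b8c518e",
}


def hash_chunks(chunks):
    """Feed an iterable of byte chunks to every algorithm in REPORT_HASHES at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_data(data):
    """Digest an in-memory byte string (used for tests and small samples)."""
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream a file from disk so large samples are not read into memory at once.
    `path` is a hypothetical argument supplied by the caller."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_indicators(digests, indicators=REPORT_HASHES):
    """Return the algorithm names whose digest matches the indicator set.
    All four should match; a partial match deserves a second look, not a verdict."""
    return sorted(
        name for name, value in digests.items()
        if indicators.get(name, "").lower() == value.lower()
    )


def verdict(digests, indicators=REPORT_HASHES):
    """'match' only when every reported algorithm agrees, 'partial' when some do."""
    matched = match_indicators(digests, indicators)
    if len(matched) == len(indicators):
        return "match"
    return "partial" if matched else "no match"


if __name__ == "__main__":
    import sys
    for candidate in sys.argv[1:]:
        d = hash_file(candidate)
        print(candidate, verdict(d), d["sha256"])
```

Run it as `python check_sample.py <file>`; a "partial" verdict means one of the weaker digests collided or was mistyped and the SHA256 should be trusted over it.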
Behavioral task: behavioral1
Sample: 05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2.exe
Resource: win10v2004-20231222-en
Malware Config
Targets
Target: 05fd1ef7a6693e0ef615b6fa4a42abeb6d7557af0e0420c13a9b2f6687f326b2 (same file as under General: 99KB, MD5 818517529f4a81cbccfffd7d8f5094b0, SHA256 as above)
Score: 9/10
Signatures:
- Detects command variations typically used by ransomware
- Detects executables containing many references to VEEAM. Observed in ransomware
  Ransomware commonly stops Veeam backup services before encrypting so that backups cannot be used for recovery.
- Detects executables referencing many IR and analysis tools
- Renames multiple (300) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point)
  The sample is UPX-packed; the sandbox dumped the unpacked image at the original entry point. The hashes listed under General are for the packed file, so string-based rules should be run against the dump rather than the file on disk.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
  Ransomware typically uses bcdedit to disable Windows recovery (for example recoveryenabled No or bootstatuspolicy ignoreallfailures); the report does not show the exact arguments this sample used.
- Sets desktop wallpaper using registry
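Three of the behaviours above (mass rename with an added extension, bcdedit modifying boot configuration, wallpaper set through the registry) are the ones a SOC can turn into host-telemetry detections. The following is an added example by the editor, not code from the sandbox or the report: it runs simple detection logic over constructed event records loosely modelled on Sysmon process-create, file-rename and registry-set events. The event dictionary layout, the process IDs, the paths, the ".locked" extension and the 50-rename threshold are all assumptions chosen for the example; the report only states that 300 files were renamed and that bcdedit was invoked.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# bcdedit arguments that disable Windows recovery/repair (assumed patterns, matched case-insensitively).
BCDEDIT_PATTERNS = [
    re.compile(r"bcdedit(\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I),
    re.compile(r"bcdedit(\.exe)?\b.*\bbootstatuspolicy\b\s+ignoreallfailures\b", re.I),
]
# Registry value that controls the desktop wallpaper (HKCU / HKU\<SID>\Control Panel\Desktop\Wallpaper).
WALLPAPER_KEY = re.compile(r"\\control panel\\desktop\\wallpaper$", re.I)


def is_extension_append(src, dst):
    """True when dst is src with exactly one extra extension appended (doc.docx -> doc.docx.locked),
    which is the rename shape the report's signature describes."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    return d.parent == s.parent and d.suffix != "" and d.stem == s.name


def detect_mass_rename(events, threshold=50, window=timedelta(minutes=5)):
    """Flag a process that appends an extension to >= threshold files inside one time window."""
    per_proc = defaultdict(list)
    for e in events:
        if e["type"] == "file_rename" and is_extension_append(e["src"], e["dst"]):
            per_proc[e["pid"]].append((e["ts"], PureWindowsPath(e["dst"]).suffix.lower()))
    findings = []
    for pid, items in per_proc.items():
        items.sort()
        best, start = 0, 0
        for end in range(len(items)):            # sliding window over time-ordered renames
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            ext = Counter(s for _, s in items).most_common(1)[0][0]
            findings.append({"sig": "mass_rename_added_extension", "pid": pid, "count": best, "ext": ext})
    return findings


def detect_bcdedit(events):
    """Flag process creations whose command line disables recovery via bcdedit."""
    return [{"sig": "bcdedit_recovery_disabled", "pid": e["pid"], "cmd": e["cmd"]}
            for e in events if e["type"] == "process_create"
            and any(p.search(e["cmd"]) for p in BCDEDIT_PATTERNS)]


def detect_wallpaper(events):
    """Flag registry writes to the desktop wallpaper value (ransom note image)."""
    return [{"sig": "wallpaper_set", "pid": e["pid"], "value": e["data"]}
            for e in events if e["type"] == "registry_set" and WALLPAPER_KEY.search(e["key"])]


def run_all(events):
    return detect_mass_rename(events) + detect_bcdedit(events) + detect_wallpaper(events)


def build_sample_events():
    """Constructed telemetry: one encryptor-like process (pid 4242) plus benign noise."""
    t0 = datetime(2024, 2, 1, 10, 0, 0)
    events = [{"type": "file_rename", "ts": t0 + timedelta(seconds=2 * i), "pid": 4242,
               "src": f"D:\\share\\doc{i}.docx", "dst": f"D:\\share\\doc{i}.docx.locked"}
              for i in range(60)]
    events += [
        # benign rename: same name, not an appended extension
        {"type": "file_rename", "ts": t0, "pid": 100,
         "src": "C:\\Users\\a\\report.docx", "dst": "C:\\Users\\a\\report_final.docx"},
        {"type": "process_create", "ts": t0 + timedelta(seconds=125), "pid": 4242,
         "cmd": '"C:\\Windows\\System32\\bcdedit.exe" /set {default} recoveryenabled No'},
        # benign admin use of bcdedit
        {"type": "process_create", "ts": t0, "pid": 200, "cmd": "bcdedit /enum"},
        {"type": "registry_set", "ts": t0 + timedelta(seconds=130), "pid": 4242,
         "key": "HKU\\S-1-5-21-1111\\Control Panel\\Desktop\\Wallpaper",
         "data": "C:\\Users\\a\\note.bmp"},
    ]
    return events


if __name__ == "__main__":
    for finding in run_all(build_sample_events()):
        print(finding)
```

The three detections are kept separate on purpose: a single mass rename is already high confidence, while the bcdedit and wallpaper hits are weak alone (administrators run bcdedit, users change wallpapers) and are best correlated on the same process ID, as the sample data shows.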