General
- Target: 8c25b0dc860a18b9ff96a9a8c8ab6468
- Size: 1.4MB
- Sample: 240203-mymazahgej
- MD5: 8c25b0dc860a18b9ff96a9a8c8ab6468
- SHA1: 947657839f9ce890667a6159f511f50f8dd560ef
- SHA256: ebb5b56ba0b47c37b2ff05de65760214f69ef5d224869f1ccb7addf47f44a5f6
- SHA512: d2fee0aa4db36ecacbfe5a78b8eeabd8f9337d841d7a92d640de996bdba5d98e55db50f918135fe5e58227c76836d5156b6d4384750fcc6a64cadf1b8d7f9824
- SSDEEP: 24576:8Etl9mRda1hSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvO:PEs1cM
Static task
- static1
Behavioral task
- behavioral1: sample 8c25b0dc860a18b9ff96a9a8c8ab6468.exe, resource win7-20231215-en
Behavioral task
- behavioral2: sample 8c25b0dc860a18b9ff96a9a8c8ab6468.exe, resource win10v2004-20231215-en
Malware Config
Targets
- Target: 8c25b0dc860a18b9ff96a9a8c8ab6468
- Size: 1.4MB
- Score: 10/10
- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory