General
-
Target
8e1b9f6b9338dd77152d76c63c3a831f8af248394b801c1581c180e359234ea8
-
Size
42KB
-
Sample
240203-vcblcagbgp
-
MD5
29595ab5f8c215d10131897ac80d031c
-
SHA1
0458bc1a7de1b43f0c333caaf90847353904ab24
-
SHA256
8e1b9f6b9338dd77152d76c63c3a831f8af248394b801c1581c180e359234ea8
-
SHA512
a6e24aab48c82e1ad4fd4c86de40451006e04e47ee8fae8367634069b190f058f9bafeb82d2b7d9a41827d498ed93a8b10385d80f91005dba69264ece5ef692e
-
SSDEEP
768:sO1oR/9VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDELe1U1yqea2koZF:s7S1FKnDtkuImEoU1yqB2kon
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\+README-WARNING+.txt
Targets
-
-
Target
8e1b9f6b9338dd77152d76c63c3a831f8af248394b801c1581c180e359234ea8
-
Size
42KB
-
MD5
29595ab5f8c215d10131897ac80d031c
-
SHA1
0458bc1a7de1b43f0c333caaf90847353904ab24
-
SHA256
8e1b9f6b9338dd77152d76c63c3a831f8af248394b801c1581c180e359234ea8
-
SHA512
a6e24aab48c82e1ad4fd4c86de40451006e04e47ee8fae8367634069b190f058f9bafeb82d2b7d9a41827d498ed93a8b10385d80f91005dba69264ece5ef692e
-
SSDEEP
768:sO1oR/9VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDELe1U1yqea2koZF:s7S1FKnDtkuImEoU1yqB2kon
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (2784) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Drops file in System32 directory
-