General
-
Target
13c788ccaa70bca1746a8e35a2d9fda5a85b7a225703801baf927b02701886f3
-
Size
42KB
-
Sample
240203-vm8zlagebk
-
MD5
e946f874088bb866c3d02e0e2fa79daf
-
SHA1
cb476dbdd8242bfbf5ce54e9d1f2ba24b73ac693
-
SHA256
13c788ccaa70bca1746a8e35a2d9fda5a85b7a225703801baf927b02701886f3
-
SHA512
158776939338a15897af7bc0cf62ad588ce96aa8db4308643a1bced8e460f3c4fcf92b16832b6981dc6f61908ede817108f5a1a29da3534a4bf85bc9ab7b088c
-
SSDEEP
768:gO1oR/LVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDT6FhUxuSqA:gpS1FKnDtkuIme7AB
Malware Config
Targets
-
-
Target
13c788ccaa70bca1746a8e35a2d9fda5a85b7a225703801baf927b02701886f3
-
Size
42KB
-
MD5
e946f874088bb866c3d02e0e2fa79daf
-
SHA1
cb476dbdd8242bfbf5ce54e9d1f2ba24b73ac693
-
SHA256
13c788ccaa70bca1746a8e35a2d9fda5a85b7a225703801baf927b02701886f3
-
SHA512
158776939338a15897af7bc0cf62ad588ce96aa8db4308643a1bced8e460f3c4fcf92b16832b6981dc6f61908ede817108f5a1a29da3534a4bf85bc9ab7b088c
-
SSDEEP
768:gO1oR/LVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDT6FhUxuSqA:gpS1FKnDtkuIme7AB
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (7541) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Drops file in System32 directory
-