General
Target: bg.png
Size: 116KB
Sample: 240210-abpflahb84
MD5: 2bb9fc2f71a0c3491ab6124fc3ad45e3
SHA1: 184d32600d68fd45016a4a63373e9525810b7eed
SHA256: 3bae2eb5d7e0fb4b31cebb540a028b84d6b95d6244403c481261095144c7c589
SHA512: db5ab20fc1530a4c4d66119151d22c118cfbc3bd14a014aeea36f6c1f27d23a8a1c1cd08a56992f663530747abbaf147bbac257dff2c6fd1afc7829f47b3ec26
SSDEEP: 3072:KGCuxv60BZ3eZ4wgnZDTgKWzQ6/HGtZjpH5OwL0DEejRi:z1vHj3OaPrWV/HGTNH5Oy0IeFi
Static task: static1
Behavioral task: behavioral1
Sample: bg.png
Resource: win10-20231215-en
Malware Config
Targets
Target: bg.png (116KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Renames multiple (405) files with added filename extension
  This suggests ransomware activity: encrypting the files on the system.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger