General
-
Target
99df57dfbea20aabe363880940861e58
-
Size
7.9MB
-
Sample
240213-xftx7sgg34
-
MD5
99df57dfbea20aabe363880940861e58
-
SHA1
43819c3da13e5441025d7b9e433dd58227db6074
-
SHA256
6f0ff6b48f67082fb42d6a48c5c5ce8d8ff7213560fea2e52b76f9f8efc102f2
-
SHA512
2f953d6cdbf65e60f900bc656bcf5deda45dc6da6c88e357d87500a2a8c75dcc9fa7a8841cb07764d1a660b1487cd3885b86b502ee3c54dc2a6916defbffaa03
-
SSDEEP
49152:iEs1CzRB8NIMI8Sfpwotkzaxc1OGz8hB8NIMI8Sfpwotkzaxc1OGz8:iE2tIMzKpXOMGQ+IMzKpXOMGQ
Malware Config
Targets
-
-
Target
99df57dfbea20aabe363880940861e58
-
Size
7.9MB
-
MD5
99df57dfbea20aabe363880940861e58
-
SHA1
43819c3da13e5441025d7b9e433dd58227db6074
-
SHA256
6f0ff6b48f67082fb42d6a48c5c5ce8d8ff7213560fea2e52b76f9f8efc102f2
-
SHA512
2f953d6cdbf65e60f900bc656bcf5deda45dc6da6c88e357d87500a2a8c75dcc9fa7a8841cb07764d1a660b1487cd3885b86b502ee3c54dc2a6916defbffaa03
-
SSDEEP
49152:iEs1CzRB8NIMI8Sfpwotkzaxc1OGz8hB8NIMI8Sfpwotkzaxc1OGz8:iE2tIMzKpXOMGQ+IMzKpXOMGQ
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-