General
-
Target
myfile-ok.exe
-
Size
12KB
-
Sample
240310-exjvfsca59
-
MD5
8c244ebd49a18b4bfc0cf546ee42ee9f
-
SHA1
653f4a37d6f66d6c2fc8551c1b31429db299c257
-
SHA256
9ac20a04dc317e557f7d67a9cba24fea43b242654d83219dd73e0f0bdef2ff16
-
SHA512
940520863e506d6b246de6cfcf33ffeafcb0c54407fbd03f3391cbda719838a5860d7c7d6690c7bbb50b8159bed14be5f93e3d101bc5582f6fff2237b20aef9c
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCy00T:eebFNw4Pk1itKkpAjjI2YpdmCy
Malware Config
Targets
-
-
Target
myfile-ok.exe
-
Size
12KB
-
MD5
8c244ebd49a18b4bfc0cf546ee42ee9f
-
SHA1
653f4a37d6f66d6c2fc8551c1b31429db299c257
-
SHA256
9ac20a04dc317e557f7d67a9cba24fea43b242654d83219dd73e0f0bdef2ff16
-
SHA512
940520863e506d6b246de6cfcf33ffeafcb0c54407fbd03f3391cbda719838a5860d7c7d6690c7bbb50b8159bed14be5f93e3d101bc5582f6fff2237b20aef9c
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCy00T:eebFNw4Pk1itKkpAjjI2YpdmCy
Score9/10-
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-