General
-
Target
Poraton_Support@Cyberfear.com.vexe
-
Size
121KB
-
Sample
240317-kmjplaba51
-
MD5
9eda69bc6d42ff0a9a56d74fb06a6c01
-
SHA1
6a384ff0d66089bfb89dbcad8f0a90482160c6a1
-
SHA256
34b9f323d2c6d4fc334952c365b678662dbd00cdd03babbcbe258a0ec053ffa3
-
SHA512
d192d9adcac22f429478b82e9acec92a1d1a9c2cfb65cb6e525443b5be1866baadac345f7aebe36f75563ffa05e096b09a94c9b30665336f9c82576e4efeba16
-
SSDEEP
768:M3SOA2NuHRZR4EnzsbQU4nNaFAVVnSIWkJ5gwE:T/R40zSEnNNVVtWkJKwE
Malware Config
Targets
-
-
Target
Poraton_Support@Cyberfear.com.vexe
-
Size
121KB
-
MD5
9eda69bc6d42ff0a9a56d74fb06a6c01
-
SHA1
6a384ff0d66089bfb89dbcad8f0a90482160c6a1
-
SHA256
34b9f323d2c6d4fc334952c365b678662dbd00cdd03babbcbe258a0ec053ffa3
-
SHA512
d192d9adcac22f429478b82e9acec92a1d1a9c2cfb65cb6e525443b5be1866baadac345f7aebe36f75563ffa05e096b09a94c9b30665336f9c82576e4efeba16
-
SSDEEP
768:M3SOA2NuHRZR4EnzsbQU4nNaFAVVnSIWkJ5gwE:T/R40zSEnNNVVtWkJKwE
Score9/10-
Renames multiple (8854) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-