General
Target: 01648bd95ce5d66d76d5c292ce639f0b4371402f9730b5067804ff0d3389d3b8
Size: 148KB
Sample: 240418-17ffnshc9x
MD5: 8f44723c6243b90795c93b6653ba9735
SHA1: 34270e442f37cd46db49d6896a8f154980af855f
SHA256: 01648bd95ce5d66d76d5c292ce639f0b4371402f9730b5067804ff0d3389d3b8
SHA512: 116b564fbf858c41a257fd9166631c25c3d59f476220d02e11793cab6f6412d8caa819c7e56720c8f2248ee5315cbcc905d11667b209ee5e7b3e8fc5cbe25438
SSDEEP: 3072:+qJogYkcSNm9V7DcaDtRx+roDNO1NZiQtu6E+TbT:+q2kc4m9tDVt3+041NZXtu6Z
Behavioral task behavioral1
Sample: 01648bd95ce5d66d76d5c292ce639f0b4371402f9730b5067804ff0d3389d3b8.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 01648bd95ce5d66d76d5c292ce639f0b4371402f9730b5067804ff0d3389d3b8.exe
Resource: win10-20240404-en
Malware Config
Extracted
C:\i0BQZsoDj.README.txt
https://getsession.org
Targets
Target: 01648bd95ce5d66d76d5c292ce639f0b4371402f9730b5067804ff0d3389d3b8 (148KB; hashes as listed under General)
Score: 10/10
- Renames multiple (295) files with added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger