General
Target: afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.zip
Size: 106KB
Sample: 240418-wp4y4acb5x
MD5: 05f0ed02d9c855f6758edf858354964d
SHA1: d0c1e034661f6e26e8bb8b828cd3eb31e5282ad4
SHA256: 1c2cd97c6e7826df5b0281dcf54a65068a9a1caf4224ebba739a86a54dc51665
SHA512: f832829ab3c0424bbf5f772c0202451bc6765c62636e2e202fee6c57b1aa8c5ffc0ef13c14eed126948c4e2dd0b841455689048e725e7a37ef28c67d4f8e90da
SSDEEP: 3072:wlmOTMSU9KLh2k4WZlvxPWuaqxLAYIje5dw:H3SUgp/zxt0YX5dw

Static task: static1
Behavioral task: behavioral1
Sample: afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
Resource: win10v2004-20240412-en
Malware Config

Targets
Target: afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
Size: 164KB
MD5: 08b304d01220f9de63244b4666621bba
SHA1: b7f9dd8ee3434b35fbb3395f69ff43fd5112a0c6
SHA256: afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e
SHA512: 162cc0fb48615c67ce6e104ca462c41aba79bad0d5409e837b300cffc34a1c9bed63f603eee7091b93edfcd772d8ab1e180fcb3aae6b07fe24413b8505815ae9
SSDEEP: 3072:fHynAdzu0t5GtE13lkAB9z3KJZ3fCI1AjZ7yXgpiqQp:fHKautY3TzaJZarjZeXgpn
Score: 10/10

HydraCrypt
Relatively unsophisticated ransomware family based on leaked CrypBoss source code.

- Renames multiple (881) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext