General
-
Target
fixer (2).exe
-
Size
180KB
-
Sample
240425-jjfm4agh47
-
MD5
db1841bfa15492d1f6a4b46e921068a4
-
SHA1
9526c45f7a9d59e0a5dda1b57ddbaf8425716e9e
-
SHA256
176b2fbe38f0d14ee68c65c56e2731646473c0f51e92d3affd2048959fab6bd8
-
SHA512
22110b41d057696ed5604c84fb40c881024cc8bb045135e258e6f7b0c5baac29d40b7b2b4cb1c4a3391ab2944b43c6b293ec628901abf6447124404111e41b18
-
SSDEEP
3072:jh+8/+IVkJZ5UkcGkKLv/YiJlNZ9pshMniWGkJAPXsPzljLD3rv8Gz:jh95UZ5L8KL3YirfbshMiWFusPzljLDV
Static task
static1
Behavioral task
behavioral1
Sample
fixer (2).exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
fixer (2).exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
fixer (2).exe
Score
9/10
Renames multiple (1280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-