Resubmissions
07-05-2024 13:01
240507-p9hs2abd43 907-05-2024 13:01
240507-p9g7habd39 907-05-2024 13:01
240507-p9gwqsgg5t 907-05-2024 13:01
240507-p9fzfabd38 907-05-2024 13:01
240507-p9fnnsbd36 707-05-2024 13:01
240507-p9e25sgg5s 907-05-2024 13:01
240507-p9eflsbd33 907-05-2024 13:01
240507-p9cl1sgg4z 907-05-2024 07:58
240507-jtv6jaae93 907-05-2024 07:58
240507-jtt88sff61 7General
-
Target
4.29-2_timeout_onexe.exe
-
Size
154.7MB
-
Sample
240429-rszrbscg62
-
MD5
591bda036d315c52dd47d865d1f27215
-
SHA1
f28186b5e32ad3b919075a39ef8467381229e36f
-
SHA256
e045745e3427a5c6a64291ec6eb8c71f15961a5a4247ec9b07ddf040d3ec2eec
-
SHA512
59d8833cf13e39f3bc6a60436dd7b67aee217e79ab737243321bf209decf1e9d5e9b0c4eb6fa390440dfad7744d94e6cd8fe95dd4cbf937ba84df954cb2089cd
-
SSDEEP
3145728:ENU5azpUaH5sLtzPVggXepw/V0s9AcjnDiBOEA+XnNOr1XW4TcIOaya/Z:EbsLtzPmgAKWs9XjnDiBLAUnNOr1XW4S
Malware Config
Targets
-
-
Target
4.29-2_timeout_onexe.exe
-
Size
154.7MB
-
MD5
591bda036d315c52dd47d865d1f27215
-
SHA1
f28186b5e32ad3b919075a39ef8467381229e36f
-
SHA256
e045745e3427a5c6a64291ec6eb8c71f15961a5a4247ec9b07ddf040d3ec2eec
-
SHA512
59d8833cf13e39f3bc6a60436dd7b67aee217e79ab737243321bf209decf1e9d5e9b0c4eb6fa390440dfad7744d94e6cd8fe95dd4cbf937ba84df954cb2089cd
-
SSDEEP
3145728:ENU5azpUaH5sLtzPVggXepw/V0s9AcjnDiBOEA+XnNOr1XW4TcIOaya/Z:EbsLtzPmgAKWs9XjnDiBLAUnNOr1XW4S
Score9/10-
Renames multiple (64) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-