General
-
Target
Flyway_Desktop.exe
-
Size
456.3MB
-
Sample
240524-r9bqtshg7t
-
MD5
42e232747eb0730cbac4b90f7605684e
-
SHA1
0390f18b8a6bde471c75c55328d11aa5392c4b28
-
SHA256
387a75173d63a7e1b2a1111ccf026d9faa3ce5b076f860d6e9d763b92adfa5d5
-
SHA512
b70fc785e991d6c9e42fae7dd65b96ca1c422e884cba7bbec539518049c05edc16755e25c4820263cac01967f6f26962606f442cd33bfce1421bc06bd0b1c9cc
-
SSDEEP
12582912:bkCGez18aaDQstWpCNEw+1IzDky1RtwJdm1W:bkCGe6aaDDW4+J1Ivky1czf
Malware Config
Targets
-
-
Target
Flyway_Desktop.exe
-
Size
456.3MB
-
MD5
42e232747eb0730cbac4b90f7605684e
-
SHA1
0390f18b8a6bde471c75c55328d11aa5392c4b28
-
SHA256
387a75173d63a7e1b2a1111ccf026d9faa3ce5b076f860d6e9d763b92adfa5d5
-
SHA512
b70fc785e991d6c9e42fae7dd65b96ca1c422e884cba7bbec539518049c05edc16755e25c4820263cac01967f6f26962606f442cd33bfce1421bc06bd0b1c9cc
-
SSDEEP
12582912:bkCGez18aaDQstWpCNEw+1IzDky1RtwJdm1W:bkCGe6aaDDW4+J1Ivky1czf
Score9/10-
Renames multiple (2339) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-