General
-
Target
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006
-
Size
643KB
-
Sample
240602-2fln2shd6w
-
MD5
1a9f69b0b0537816793bb0d0c2c34791
-
SHA1
fef95a0ca0f851a4608cbc33c3bf427720eeef5f
-
SHA256
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006
-
SHA512
01ae84534adbc79fe9cce7d9e769704d836e983e3e123f79577d0a06e88ac8471b7a834a11dfc4d37a90633e28c0aa8293960aca5a61a2d34f1f594c917da9a7
-
SSDEEP
12288:IAIuZAIuOVAIuZAIuOFNUhiHOR4LucvSFSrux88ndNtJXzLFzi0:NSXUhiHOeE8rin3thLH
Behavioral task
behavioral1
Sample
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006
-
Size
643KB
-
MD5
1a9f69b0b0537816793bb0d0c2c34791
-
SHA1
fef95a0ca0f851a4608cbc33c3bf427720eeef5f
-
SHA256
5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006
-
SHA512
01ae84534adbc79fe9cce7d9e769704d836e983e3e123f79577d0a06e88ac8471b7a834a11dfc4d37a90633e28c0aa8293960aca5a61a2d34f1f594c917da9a7
-
SSDEEP
12288:IAIuZAIuOVAIuZAIuOFNUhiHOR4LucvSFSrux88ndNtJXzLFzi0:NSXUhiHOeE8rin3thLH
Score9/10-
Renames multiple (2846) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-