General
  Target: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1.exe
  Size: 147KB
  Sample: 240612-3rtz8szakp
  MD5: 6ac5cd70e043576b82a313273150f0d9
  SHA1: 2c3b2ed20f1e8e630c61109288bd0ac64b5e0329
  SHA256: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1
  SHA512: c77a84cc5ae2cf246278a736051baa44d1f15496547a2bfbba2cbd65e207b6e17a6b9fb4a221b4ec4286c4d80fa65709854cbd46d14a4548fbcf9fb72d01def5
  SSDEEP: 1536:nzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDpAv5wo3Lk6eEVNAhaxlxxFmwUk:YqJogYkcSNm9V7DpKv3L35Sslxx0wT
Behavioral task: behavioral1
  Sample: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1.exe
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1.exe
  Resource: win10v2004-20240508-en
Malware Config
  Extracted: C:\zpvmjd9JY.README.txt
  Extracted: C:\zpvmjd9JY.README.txt
Targets
  Target: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1.exe
  Size: 147KB
  MD5: 6ac5cd70e043576b82a313273150f0d9
  SHA1: 2c3b2ed20f1e8e630c61109288bd0ac64b5e0329
  SHA256: 03db266db5b96223ef42206d57e30fa58c59e70b1d14c017422f097af1560ad1
  SHA512: c77a84cc5ae2cf246278a736051baa44d1f15496547a2bfbba2cbd65e207b6e17a6b9fb4a221b4ec4286c4d80fa65709854cbd46d14a4548fbcf9fb72d01def5
  SSDEEP: 1536:nzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDpAv5wo3Lk6eEVNAhaxlxxFmwUk:YqJogYkcSNm9V7DpKv3L35Sslxx0wT
  Score: 10/10
- Renames multiple (287) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger