General
Target: 17754786359.zip
Size: 5.7MB
Sample: 240623-ga5vhs1flg
MD5: c6757e0216d77d7b4425ec238b1c7ff4
SHA1: d304f97d9b77953a2a03ec6337f081ab9cb2522b
SHA256: 3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3
SHA512: d4df9170c48459534fe73d3ab951e003888d5fa8eac1c3bc6834c32adca28d41ae697935e96ed0f8ad7bacd87e62ecc9bbac0c1179056f3022be10b1f54247bb
SSDEEP: 98304:AiVR2NGWlwraUvwtRaEQuskGb7V/b6UNMmUY3PEMUjFaepv8X8rRFlMs1:AiVR2zqrbvQBiXZU+ENVUX8lrMG
Behavioral task: behavioral1
Sample: df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
Size: 13.4MB
MD5: 1ce3b67e179c8420bd5b31e75b4427ca
SHA1: 4090622f0eadc1b420aa5d55e31ca5cd45e05f12
SHA256: df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
SHA512: c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
SSDEEP: 98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn
Score: 10/10
Renames multiple (1972) files with added filename extension
This suggests ransomware activity, encrypting all the files on the system.
Adds Run key to start application
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.