General
- Target: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
- Size: 128KB
- Sample: 240625-phcgyayhqe
- MD5: 99e949ddd57dbc19457eba5f235516f3
- SHA1: 99f9270e85ec53b8dada459279d30e8b169462c1
- SHA256: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
- SHA512: 4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41
- SSDEEP: 3072:pfco6OkRGbNsjjZviLhrafY1Cv95dzo5:pf6OwGBs3Z6LhrqYGNzo
Behavioral task: behavioral1
- Sample: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\Program Files\DVD Maker\How to decrypt files.txt
targetcompany
http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact
Targets
- TargetCompany,Mallox
  TargetCompany (aka Mallox) is a ransomware family, first seen in June 2021, that encrypts files using a combination of ChaCha20, AES-128, and Curve25519.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Renames multiple (6841) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.