General
-
Target
86911663486fc7d034f1b5744d4450eec0130f29c8a40be96d0c745c21b14dea
-
Size
80KB
-
Sample
240726-abydhawglf
-
MD5
ded14f2aae54e0d62287ea802e0395f7
-
SHA1
6dc3107c469067e718d5455ed0a44f4625ec3c39
-
SHA256
86911663486fc7d034f1b5744d4450eec0130f29c8a40be96d0c745c21b14dea
-
SHA512
7ebc955567df696dfa004c3a24858dd0b815173bb528a4783f2ac83500e257c01b31f4bddd39a7ef75924e5c98d74470d42fe7590b18afc28a68b9e405cefd98
-
SSDEEP
1536:EyxaBesGtpKQpWxmxlNy79ph2WHJfKXVBkuSlA/V5vVIQS7AFL:EyxaUsGpKAWxmxlwphjJfKXVBvX9S7u
Static task
static1
Behavioral task
behavioral1
Sample
86911663486fc7d034f1b5744d4450eec0130f29c8a40be96d0c745c21b14dea.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
86911663486fc7d034f1b5744d4450eec0130f29c8a40be96d0c745c21b14dea.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
86911663486fc7d034f1b5744d4450eec0130f29c8a40be96d0c745c21b14dea
Score
9/10
-
Renames multiple (217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-