General
Target: e6cdef1da97ea607ea91155ef24a806e6e204b1b82e62768490541b335b53eb4.exe
Size: 632KB
Sample: 240726-hgt72awaka
MD5: dce1689a2961ab5bfd7877861add364d
SHA1: 77b88b99120b9a7cb9aa62db0cb4e787f16697cd
SHA256: e6cdef1da97ea607ea91155ef24a806e6e204b1b82e62768490541b335b53eb4
SHA512: c54a8fc4568cb313d312b7f2899d8a9f60b5a3aea1fef223bea40772574eb916f5357225c9f8e87d11aad6632d35bc704ec563eb3ff1d9faea414fd731a72683
SSDEEP: 6144:382p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwNu:Tp4pNfz3ymJnJ8QCFkxCaQTOlOb4b1YI
Static task: static1
Behavioral task: behavioral1
Sample: e6cdef1da97ea607ea91155ef24a806e6e204b1b82e62768490541b335b53eb4.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: e6cdef1da97ea607ea91155ef24a806e6e204b1b82e62768490541b335b53eb4.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: e6cdef1da97ea607ea91155ef24a806e6e204b1b82e62768490541b335b53eb4.exe
Score: 10/10

Modifies WinLogon for persistence

Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.

Drops file in System32 directory