General
-
Target
201c60a9f34c5f0e1d1c289505129af66885affba7da11bc63d05a99efa373f9.exe
-
Size
19KB
-
Sample
240727-bh5ltszdrc
-
MD5
8330970183b2ce8194130e9d67667d19
-
SHA1
65b205a83b641679d105b87d17184188263dadbe
-
SHA256
201c60a9f34c5f0e1d1c289505129af66885affba7da11bc63d05a99efa373f9
-
SHA512
752a61f6811887d92a55ce0d53884e065a3ecc76664bd2a697c4f131c592e788145b6a79e2da8d92adc5b33a49bf4b459960b7166d17d0949e53e759d7158e3f
-
SSDEEP
384:XyrHGpeWhtZUfvhiP86kgkfmedMOaB8BYsscKR8:irBS6vyXWm0MOXscKR8
Malware Config
Targets
-
-
Target
201c60a9f34c5f0e1d1c289505129af66885affba7da11bc63d05a99efa373f9.exe
-
Size
19KB
-
MD5
8330970183b2ce8194130e9d67667d19
-
SHA1
65b205a83b641679d105b87d17184188263dadbe
-
SHA256
201c60a9f34c5f0e1d1c289505129af66885affba7da11bc63d05a99efa373f9
-
SHA512
752a61f6811887d92a55ce0d53884e065a3ecc76664bd2a697c4f131c592e788145b6a79e2da8d92adc5b33a49bf4b459960b7166d17d0949e53e759d7158e3f
-
SSDEEP
384:XyrHGpeWhtZUfvhiP86kgkfmedMOaB8BYsscKR8:irBS6vyXWm0MOXscKR8
Score9/10-
Renames multiple (1412) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-