General
Target: 814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f.zip
Size: 454KB
Sample: 240807-b6mqxsxdkn
MD5: b4846c3e7760fa7e3c6bb407dcc1324d
SHA1: a7f24a1619f4aab759aee73cb78b22d289a663bd
SHA256: 2ddd54c5c3e3c5453b3818eff64f1cf3c207a3d2f3ef98bdf89f2c8998ac1ec1
SHA512: 550314da63b7e3ba11b22951edc62c22dc6f71d0e4e40206dcf65dd0b616f5aa66499665af00e298800d5d8ff2297f6ec7aa2040610674b3d72ec424e4c9a08b
SSDEEP: 12288:GU0xDYgNXcG3oPuZPyt5xbLhQIMOKDadu9oyzmzy6FZ:GU0hwPaPQXPhQAKB9P2y6FZ
Static task: static1
Behavioral task: behavioral1
  Sample: 814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f
Size: 1.0MB
MD5: 69a45130e5e5aadaae4f023c6ea37725
SHA1: 28e1f0d8e479597f4d7b20c43bc8044482ebbc74
SHA256: 814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f
SHA512: 357f9b5aca858c8a77b124674c4469a760cf7db340263217d02787eebeccef3c2e13676a8fbe44336cee6b3d3ff189b12ee197f4da6584be0ec6b9cedd7dc807
SSDEEP: 24576:6QMc/LMx3+ZoXdEwZuS2+gYUdX4h3dHt:668uZoNEwBg3XSJ
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry