General
Target: b95cc421ef10db3b98e0e67fbc1c01c0N.exe
Size: 195KB
Sample: 240814-jf858sverp
MD5: b95cc421ef10db3b98e0e67fbc1c01c0
SHA1: e6563c3f6ccf608f1df56885338e409aa947b37b
SHA256: cadc51f1869359f2c0fa2d0a5f8fbe28e47ca829e734f05e7e9d5a0b67a82349
SHA512: df7d952dfd9f6ad8f62a0f154f835f47b900ddda44b3583d0120511da17254b97cb865b6ee6112ce75b0e87d7dd67b0e81b58f68dda389731a09159a8025d762
SSDEEP: 6144:RqlIyFESWu0SWu86jYh2x2ZqlIyFESWu0SWu86jYh2x20:tyW6jYwglyW6jYwg0
Static task: static1
Behavioral task: behavioral1
Sample: b95cc421ef10db3b98e0e67fbc1c01c0N.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b95cc421ef10db3b98e0e67fbc1c01c0N.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b95cc421ef10db3b98e0e67fbc1c01c0N.exe
Score: 9/10
Renames multiple (3289) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory