General
-
Target
e424e3ac235b4bdc894157a32a057aef20ed23600cbf68c205afaaf6d97eb965
-
Size
92KB
-
Sample
240819-cnmhwayeqb
-
MD5
e3f2aabc5b61d7dc60915fa71eca81b3
-
SHA1
a591d3c06de042826c5fc607e89c1a500dd4f601
-
SHA256
e424e3ac235b4bdc894157a32a057aef20ed23600cbf68c205afaaf6d97eb965
-
SHA512
4ef7d0150a24d7b3e1ea52d3d07dacbed3fb3c70b9c96f8fef4513de328b24729ab8f26a30e8c0669ceb4f695a5fee29ab4b05d25d25d289d36160f593f2553e
-
SSDEEP
1536:QkfdHaUdUY8dkOT6bd/ox/GGfN8x3npM31c7whkzPvhFzLt23mQXZe6lWjaUPUO3:bdHaU4qI8d/ox+GF8x97whGvl25Ze6Hy
Static task
static1
Behavioral task
behavioral1
Sample
d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Program Files\Java\jdk1.7.0_80\ ATTENTION! ALL YOUR FILES ARE ENCRYPTED!.TXT
Targets
-
-
Target
d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc
-
Size
94KB
-
MD5
002a5619993588ab6b47990c7a4a237f
-
SHA1
7d9aefdfdc745a196e29ec879d774d46d6194291
-
SHA256
d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc
-
SHA512
4d964cb86e6cf5164ef0f514ff65346aa5680e7574e0b2d3501801295d66fcc5407999f86e915c624678e78e1602425432697d1cb523b5900feb9c127858b892
-
SSDEEP
1536:rG39cG5yGQE0yRAo4CBsleM4Xu5Z/N/I+e7d/Cdjzr0MKwqlenOu7A/YcHT:m5xQEizCOeM4XClJI+WwUxJlenbC
-
Detects Zeppelin payload
-
Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (7416) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-