General
Target: 2024-08-24_6690439221e614df5e72d44dbf52379e_bkransomware
Size: 6.6MB
Sample: 240824-z5ln8szepg
MD5: 6690439221e614df5e72d44dbf52379e
SHA1: 7cb6c7de71c6352de34f80e842b9c122e7842a78
SHA256: 56024e139c59b77064257d8f39772d91e2b3da9b6cc554b98019a5491ae2176c
SHA512: 9ac77ede9606946609a5c72856e7d033409fe54e22c960fae607fe6c27295264a397b2847123cfbd115fac79fab882c1c6721f93cb00ca5a365c7f476572b412
SSDEEP: 98304:IT1wsFsoedtpEXzvK2EBnY1NhZIKDszb3DGEuKQ5ELiSgXhk4ho7VSmmxI:OhbkEsY1NLINDJ8ELEXhRipQ
Static task: static1
Behavioral task: behavioral1
Sample: 2024-08-24_6690439221e614df5e72d44dbf52379e_bkransomware.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2024-08-24_6690439221e614df5e72d44dbf52379e_bkransomware.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 2024-08-24_6690439221e614df5e72d44dbf52379e_bkransomware
Score: 8/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Drops file in System32 directory