General

Target: ransomware.exe
Size: 28.5MB
Sample: 240904-aer1ws1bkl
MD5: 1043f4a46c1e9a104751e84a6e6e76f8
SHA1: 810f280dd554abc962a55b3531ade973360df8b3
SHA256: 529f38f3397fe281d5a0c1030d474902989f7ca79a7ca1bcab1fcafe27bf6ad4
SHA512: 766158c5a767f8529e8d18fbb1ccc263703b5e48c51e6be8591970e83cf340f9c9ab4d82964457706643abea1544ab52f76b0dbeaa4af5e05a7a719c86b2949a
SSDEEP: 786432:xwgoW8kHhyVmdG+nUU0sc6yL2WEsOd9NZ0YmxEm:27W5hyVQGsOX6yiWUcxE
Behavioral task behavioral1
Sample: ransomware.exe
Resource: win10-20240404-en

Behavioral task behavioral2
Sample: ransomware.pyc
Resource: win10-20240611-en

The two targets were run on different Windows 10 sandbox image builds, so their results are not a like-for-like comparison of the same environment.
Malware Config

Targets
Target: ransomware.exe
Size: 28.5MB
MD5: 1043f4a46c1e9a104751e84a6e6e76f8
SHA1: 810f280dd554abc962a55b3531ade973360df8b3
SHA256: 529f38f3397fe281d5a0c1030d474902989f7ca79a7ca1bcab1fcafe27bf6ad4
SHA512: 766158c5a767f8529e8d18fbb1ccc263703b5e48c51e6be8591970e83cf340f9c9ab4d82964457706643abea1544ab52f76b0dbeaa4af5e05a7a719c86b2949a
SSDEEP: 786432:xwgoW8kHhyVmdG+nUU0sc6yL2WEsOd9NZ0YmxEm:27W5hyVQGsOX6yiWUcxE
Signatures:
- Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003): the sample accessed or copied a web browser credential store.
- Renames multiple (14168) files with added filename extension: 14168 files were renamed by appending an extension to the original name. Mass renaming with an appended extension is the characteristic footprint of file-encrypting ransomware. The count reflects the sandbox image's file set and will differ elsewhere, and a rename by itself does not prove encryption; confirm by checking that the renamed files' contents are high-entropy.
- Credentials from Password Stores: Windows Credential Manager (ATT&CK T1555.004): suspicious access to the Credentials History store (the DPAPI CREDHIST file).
- Drops startup file: writes a file into a Startup folder, so it is launched again at logon (persistence).
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk.
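The two signatures above that a detection engineer most often has to reproduce outside the sandbox are the mass rename with an appended extension and the read of a browser credential store. The following is an added example, not code from this report or from the sandbox that produced it; the FileEvent schema, the sample paths and file contents, the credential-store path fragments and the RENAME_THRESHOLD value are all constructed or assumed for illustration. It also adds the entropy check suggested above, so that renamed files whose contents look like ciphertext are counted separately from plain renames.

```python
# Added example (not from the report or the sandbox): turns two signatures above into
# checkable logic. FileEvent, the sample paths/contents and RENAME_THRESHOLD are assumed.
from __future__ import annotations

import math
import ntpath
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    """One file-system event as a sensor might record it (constructed schema)."""
    op: str                       # "rename", "read" or "write"
    path: str                     # path the operation applied to
    new_path: str | None = None   # destination for renames
    content: bytes = b""          # file contents after the event, if captured


# Path fragments that identify browser credential stores (constructed, not exhaustive).
BROWSER_CREDENTIAL_STORES = (
    r"\user data\default\login data",   # Chromium-based browsers (Chrome, Edge, ...)
    r"\mozilla\firefox\profiles",        # logins.json / key4.db live under here
)
RENAME_THRESHOLD = 50   # assumed tuning value; the sandbox run above counted 14168


def appended_extension(old: str, new: str) -> str | None:
    """Extension a rename appended (with its dot), or None if the rename is not of that shape.

    'report.docx' -> 'report.docx.locked' matches; 'report.docx' -> 'report.locked' does not.
    """
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return None
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if len(new_name) <= len(old_name) + 1:
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    return new_name[len(old_name):]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, usually well below that for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def mass_rename_signature(events, threshold: int = RENAME_THRESHOLD) -> dict:
    """Evaluate 'renames multiple files with added filename extension'.

    A rename alone does not prove encryption, so renamed files whose captured
    contents have entropy >= 7.5 bits/byte are also counted separately.
    """
    by_ext: Counter[str] = Counter()
    encrypted_looking = 0
    for ev in events:
        if ev.op != "rename" or ev.new_path is None:
            continue
        ext = appended_extension(ev.path, ev.new_path)
        if ext is None:
            continue
        by_ext[ext.lower()] += 1
        if ev.content and shannon_entropy(ev.content) >= 7.5:
            encrypted_looking += 1
    total = sum(by_ext.values())
    return {"hit": total >= threshold, "count": total,
            "extensions": dict(by_ext), "encrypted_looking": encrypted_looking}


def browser_credential_access(events) -> list[str]:
    """Evaluate 'credentials from web browsers': reads of known credential stores."""
    return sorted({ev.path for ev in events if ev.op == "read"
                   and any(m in ev.path.lower() for m in BROWSER_CREDENTIAL_STORES)})


def build_sample_events() -> list[FileEvent]:
    """Constructed log: 60 appended-extension renames with ciphertext-like contents,
    one benign extension change and one credential-store read."""
    cipher_like = bytes(range(256)) * 4   # every byte value equally often -> entropy 8.0
    events = [FileEvent("rename", rf"C:\Users\u\Documents\report{i}.docx",
                        rf"C:\Users\u\Documents\report{i}.docx.locked", cipher_like)
              for i in range(60)]
    events += [
        FileEvent("rename", r"C:\Users\u\Documents\notes.txt",
                  r"C:\Users\u\Documents\notes.md", b"plain text " * 20),
        FileEvent("read", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ]
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    print(mass_rename_signature(evs))   # hit on .locked: 60 renamed, 60 encrypted-looking
    print(browser_credential_access(evs))
```

The rename matcher deliberately requires the whole original name to survive and the directory to stay the same, so ordinary save-as renames such as notes.txt to notes.md do not count; the threshold and the 7.5 bits/byte entropy cut-off are starting points to tune against the file volume of the monitored hosts.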
Target: ransomware.pyc
Size: 11KB
MD5: 461db376fb7fa6b0150d1e726d435df7
SHA1: d4331b611f15681072bcdfa1285a45fee2ccd046
SHA256: 67f24be69ca7828044f230de1fa65b45ed0f6eb176f4062e64629c62f1bdc010
SHA512: c5de620569e8ca8f7c3b804a69c985d2b83887e45286674276d27da972ad5d1b4b2ab8aaa557bda43e62395de39dc7daeaa7d79bf11fc5687be514304fca9ba8
SSDEEP: 192:O0LeYYoCuztXwsYl89fcl5SWYcx8ot+MZlHmW4fvhLxdqXQBcexEF:neYYoCu5XQl8ZclYsSot+mHmZLjqXQEF
Score: 3/10

No signatures are listed for this target. A .pyc file is compiled Python bytecode and only runs under a matching Python interpreter, which a stock Windows 10 image does not include, so the low score most likely means the module never executed in the sandbox rather than that its code is benign.