General
Target: Archive.zip
Size: 55.4MB
Sample: 241105-xgbg9ayphk
MD5: d8f53d3cbc03adffce3e607e99d4052a
SHA1: a138d500c25040bd050057021c0c59cba8f67668
SHA256: 9084e2889be461a8ab33fd8452ae7903ed79246dadee6dd2dae28fa21470b08f
SHA512: c1613d0efdfef280e7cdae72e0fed663db033860ae40877339fee7acecc8cbd6bf74c8f6e61743fdfe026a72be0a0ffa3b030e5f908ec359eb1fb111c83d3cf9
SSDEEP: 1572864:PGfpVcwO9y/mGsstAoJbQyZkuRvIXv2rOFRa6/Ic81:Ip69sssxZQyWuKXv2rp6/IL
Static task: static1
Behavioral task: behavioral1
  Sample: Archive.zip
  Resource: win10v2004-20241007-en
Behavioral task: behavioral2
  Sample: Archive.zip
  Resource: win11-20241007-en
Malware Config
Targets
Target: Archive.zip
Score: 9/10
- Renames multiple (317) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.