General
- Target: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe
- Size: 1.4MB
- Sample: 241114-dmstyasrbv
- MD5: 1b637a43abca552acaee11c01913db18
- SHA1: 3029954ac63d1c92601ba03ac8a59c66b386be21
- SHA256: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273
- SHA512: 989da53ed85976c64cc4efd7a86f3c4592bc49fc08b05a7c5220cde38eeab70d9f402d8e69a4c62cfea251ec47a24cd7d379879d4551440acbc749f4a47d1f1c
- SSDEEP: 24576:62kDGWIXrNkFADnrFpwHDsQ/R3xaFbrOCR:6/GVXrNkFADnppwHDsQ/GFW
Static task: static1
Behavioral task: behavioral1
- Sample: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\readme.txt
- https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe
Targets
- Target: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe
- Size: 1.4MB
- MD5: 1b637a43abca552acaee11c01913db18
- SHA1: 3029954ac63d1c92601ba03ac8a59c66b386be21
- SHA256: c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273
- SHA512: 989da53ed85976c64cc4efd7a86f3c4592bc49fc08b05a7c5220cde38eeab70d9f402d8e69a4c62cfea251ec47a24cd7d379879d4551440acbc749f4a47d1f1c
- SSDEEP: 24576:62kDGWIXrNkFADnrFpwHDsQ/R3xaFbrOCR:6/GVXrNkFADnppwHDsQ/GFW
Signatures
- Renames multiple (841) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)