General
-
Target
c9ff554ad2c26b8a734b8c85fe083ebe55ceabca3d6bfd7e6f3ee8f32cc00ec6.exe
-
Size
4.4MB
-
Sample
241114-la6t2awlg1
-
MD5
0587901cb341309f079e4b940b53ed06
-
SHA1
08bb07f9c5a088419e9557bd9d2f8f9f853ab958
-
SHA256
c9ff554ad2c26b8a734b8c85fe083ebe55ceabca3d6bfd7e6f3ee8f32cc00ec6
-
SHA512
88fee93da44848fb9b440c038a37e74f8e2bbec5a91145f0beff0b15e0a2ca4e6920037b8e1bbfe2bd818b5a63ce2f14b89b1143998c739d7d72232878b73f08
-
SSDEEP
12288:9jlN3iwbihym2g7XO3LWUQfh4CoRQYZTWbDjJc9bkf:9j1+gkE2fh4CoRX5SnWK
Static task
static1
Behavioral task
behavioral1
Sample
c9ff554ad2c26b8a734b8c85fe083ebe55ceabca3d6bfd7e6f3ee8f32cc00ec6.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
c9ff554ad2c26b8a734b8c85fe083ebe55ceabca3d6bfd7e6f3ee8f32cc00ec6.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
c9ff554ad2c26b8a734b8c85fe083ebe55ceabca3d6bfd7e6f3ee8f32cc00ec6.exe
-
Score
9/10
-
Renames multiple (317) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-