General
-
Target
86ec71b83a20807b113163afab9afbf9d9c7cf053ae95e539b564c59013112a6N.exe
-
Size
818KB
-
Sample
241119-sz453asnfj
-
MD5
9e26cac45be1a5b2fae27a53d6580da0
-
SHA1
8c74bb684b4fb1ee1fcaee79535eeccba80e65f8
-
SHA256
86ec71b83a20807b113163afab9afbf9d9c7cf053ae95e539b564c59013112a6
-
SHA512
576efefe45da8be5bd3de6508a0b5371ce7e9fdd30b8e16e62d88aadce7e7a84f6c74b0d5c23956ac8caa698e9ac2bf971fa6fd2a43918c2680d54b5b5c9fe93
-
SSDEEP
24576:lKKKKKKKKKKKKGWCnMcwOdD8LHgZSJ873hm:oWCnMcJdD8LHHJ8zhm
Static task
static1
Behavioral task
behavioral1
Sample
86ec71b83a20807b113163afab9afbf9d9c7cf053ae95e539b564c59013112a6N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
86ec71b83a20807b113163afab9afbf9d9c7cf053ae95e539b564c59013112a6N.exe
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-