General
Target: a17f22b67ecf9312bf59c8bb77445969bd6bbe61cf2b5ba98255f6cf30130d8c.zip
Size: 94KB
Sample: 250403-bhm2sayq19
MD5: 5ff7e3d830ceb0d8db02ab6aecd68d3f
SHA1: a500b5d0329ce99215b5b532bb2cadc08ba0092a
SHA256: 88bb534525e0fb662e60ff3524897d1b92d86ef792615f916f93f27abb5ea4b1
SHA512: d203f4f2c3c91f0e9aa88f8162a2d5095328edb33ffb8d70b25d2791e6abd17b6f1ce01d5703d8429a6e4e858995872c3e74a23b2db3839390578f052e0329b5
SSDEEP: 1536:R1ZvO4c+TcpzIVy1+7TdjUXhEs2doDGfEIScepzTc5vAxLmR2skk5UVM:RbthTcpc41+vdj+12yGOvNc5vAm2HQUM
Behavioral task
behavioral1
Sample: a17f22b67ecf9312bf59c8bb77445969bd6bbe61cf2b5ba98255f6cf30130d8c.exe
Resource: win11-20250313-en
Malware Config
Extracted
C:\ni8pxbvnx.README.txt
https://tox.chat
Targets
Target: a17f22b67ecf9312bf59c8bb77445969bd6bbe61cf2b5ba98255f6cf30130d8c.exe
Size: 146KB
MD5: c6c371198124b086a547407a7d36fcc6
SHA1: 1a3108ecb72ca0da0c04bd5c29caebee0ffd795d
SHA256: a17f22b67ecf9312bf59c8bb77445969bd6bbe61cf2b5ba98255f6cf30130d8c
SHA512: 568da365e16e806593d5bb9ca335a4b1e7585148b29fe131d3fffb45275962991948de6700c28d3afb4302ebbb8570e20781933bdcfb3685cde325b64efc19d5
SSDEEP: 1536:szICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDzp6HbSCkHdMBfusRDARJbWUyz:DqJogYkcSNm9V7Dzx19pODObWT
Score: 10/10
- Renames multiple (539) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger