General
-
Target
Insomnia.Core-11.0.2.exe
-
Size
166.9MB
-
Sample
250501-24ycragm5x
-
MD5
e5b8c7374971f0dfbb8b055f5384f3d9
-
SHA1
646c42ca98ed7be46b9e5383029be46226ac8559
-
SHA256
fefe7ab85e86d0e16fbbf2d3fc7fdaec914799d7192f63ff43da9b17842bae2b
-
SHA512
20daa9dc4e8d2c48d2e6b2c560a2e38a11c0e58d90c8a04a176e396914f2ff2a6527137fdd8e73fec08a6aa27c2da9a63be36b1c6cf7a7a133705e4abfa3460c
-
SSDEEP
3145728:D1/VutnzoNTlBTL8VuVUmRZTbGONjRVuF3QvmTT2lPymux4Zcy:D9QtszTL8VMHbjjTu+uTqlPh5
Static task
static1
Behavioral task
behavioral1
Sample
Insomnia.Core-11.0.2.exe
Resource
win11-20250411-en
Malware Config
Targets
-
Target
Insomnia.Core-11.0.2.exe
-
Score
9/10
-
Renames multiple (242) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-