General
Target: V-Bucks Generator.exe
Size: 458KB
Sample: 250519-yezmqsyj13
MD5: d5e63bc0a087c9cda1215688405b6fb2
SHA1: e32d08d66878bf50458cd8674dfc581a6fc611d4
SHA256: 9bf2689546105532a778dc6a0a6e964ece8ff33c4fcea28e82c29940e06d2666
SHA512: cdc9610af7562bca20bb29a14b7acb0facef90f15b21ad4d0006e5dc2afc9533cd406c7735dcc9c1e353cc04ff4b480d7d0229be59e2b0e51ed91bbef4298f12
SSDEEP: 12288:QGchrYmYRz1T/I/x/c/Qkrn5gA6IG+rQFR:SrqJT/Cw5gA6Iy
Static task: static1
Behavioral task: behavioral1
Sample: V-Bucks Generator.exe
Resource: win10ltsc2021-20250425-en
Malware Config
Targets
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Possible privilege escalation attempt

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2