General
-
Target
satan_1.0.0.16.vir
-
Size
184KB
-
Sample
200719-ev4bcz7hs2
-
MD5
5e2ed2f916fc4291ffd2f58334a966bc
-
SHA1
2f887e570c13f5dc204230a05774adba6ad3004c
-
SHA256
3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145
-
SHA512
0a55713bc54efbad793515b7c29b97a58fcd3daac9ead934028878b8f135f63b50e3cc4c1073703f0ad6202137f0ac403da997ce9bf84dc0ed6a56fef87bf671
Score
9/10
Malware Config
Targets
-
-
Target
satan_1.0.0.16.vir
-
Size
184KB
-
MD5
5e2ed2f916fc4291ffd2f58334a966bc
-
SHA1
2f887e570c13f5dc204230a05774adba6ad3004c
-
SHA256
3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145
-
SHA512
0a55713bc54efbad793515b7c29b97a58fcd3daac9ead934028878b8f135f63b50e3cc4c1073703f0ad6202137f0ac403da997ce9bf84dc0ed6a56fef87bf671
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Modifies service
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-