General
-
Target
d59f5ec04181bce24abf5f27606532d1d0a0c389b5bf87a9cd249259e0012ebd
-
Size
140KB
-
Sample
240701-dqcxwsvare
-
MD5
341376de8e07fc05cae5fc3a5fb4fa0a
-
SHA1
022eb721dddb66e72de6bad82f410a283c33cdbb
-
SHA256
d59f5ec04181bce24abf5f27606532d1d0a0c389b5bf87a9cd249259e0012ebd
-
SHA512
a803acd0690ddfe91fb26b3df1fbf9a11cdf3b67ef558b5fa56ad9b74ef0a5f776a5beb426f0177bdc6074ad0f164304db453e8c0c5e4f352340a814fa5094fa
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8OyZ2FdldNTWn1++PJHJXA/OsIZfzc3/Q8OyZ2Fs:KQSonyZ2FdldpQSonyZ2FdldJbc
Malware Config
Targets
-
-
Target
d59f5ec04181bce24abf5f27606532d1d0a0c389b5bf87a9cd249259e0012ebd
-
Size
140KB
-
MD5
341376de8e07fc05cae5fc3a5fb4fa0a
-
SHA1
022eb721dddb66e72de6bad82f410a283c33cdbb
-
SHA256
d59f5ec04181bce24abf5f27606532d1d0a0c389b5bf87a9cd249259e0012ebd
-
SHA512
a803acd0690ddfe91fb26b3df1fbf9a11cdf3b67ef558b5fa56ad9b74ef0a5f776a5beb426f0177bdc6074ad0f164304db453e8c0c5e4f352340a814fa5094fa
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8OyZ2FdldNTWn1++PJHJXA/OsIZfzc3/Q8OyZ2Fs:KQSonyZ2FdldpQSonyZ2FdldJbc
Score9/10-
Renames multiple (484) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-