General
-
Target
http://google.com
-
Sample
240703-f23c2atbnp
Score
10/10
Malware Config
Targets
-
-
Target
http://google.com
Score10/10-
Chimera
Ransomware which infects local and network files, often distributed via Dropbox links.
-
CryptoLocker
Ransomware family with multiple variants.
-
Renames multiple (3256) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-