General

Target: ransom.exe
Size: 115KB
Sample: 200220-4btgkjw29e
MD5: 75774dda6b6be3f370bff5126830b170
SHA1: a9778da3a940c57b2ea2c3764e73a545884cd715
SHA256: 885cbe8d8cd781d68071ff84bb751a26efbf9f8412876b5b676f83c2e14d1cc6
SHA512: 3427320c121966dc230b6c84245b9fa224e73ed603d233c09e316191b66d364ac3f7da6fb38955500ea9072b53d5be33749b44fbf0487f9d9f7ee2f3b884b1dc

Static task: static1

Behavioral task: behavioral1
Sample: ransom.exe.zip
Resource: win7v200217

Behavioral task: behavioral2
Sample: ransom.exe.zip
Resource: win10v200217

Behavioral task: behavioral3
Sample: TrustedInstaller.exe.new.exe
Resource: win7v200217

Behavioral task: behavioral4
Sample: TrustedInstaller.exe.new.exe
Resource: win10v200217

Malware Config
Extracted
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
puljaipopre1981@protonmail.com
viomukinam1978@protonmail.com

Targets

Target: ransom.exe
Score: 1/10

Target: TrustedInstaller.exe.new
Size: 210KB
MD5: 98d24623bd39d9fcfa1c2431a9391a07
SHA1: 113df2b19ccfa8d8ff8a2a5b72bda05fe517118a
SHA256: b0c1e89ebf16baa03b431b797aece48eeb3da6bb6eabf12fa6a3aefd93f5890e
SHA512: c114fa0bdf4b7694a07a8cbee268f53287f9dbb66d4f29817c581fb86d831be9e351770e9cb4a6d3dc3c36eee1e9594139f638242a7042b33928fae6d3e6ac53
Score: 10/10

Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.

- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run entry to start application
- Discovering connected drives
- Modifies service