General
-
Target
lsass.exe
-
Size
214KB
-
Sample
200709-hypr6l8dse
-
MD5
7789e69306b9dd1dde3f46e12d068e6c
-
SHA1
d06c49fe36ba5ae37fd4bc81924a106d8cafa116
-
SHA256
da75d48c48022aae0f3134dcb66c3a8180003b014cb12b4727dc02a8e1a83b10
-
SHA512
7e7733b225a729f16932e4423601cea1232002e2ecab8950ba9a8385897ff0a2b5f06c91008c05f1d4e0b0def856bea8b748873bbcd4149503e67d7fcbdacccd
Static task
static1
Behavioral task
behavioral1
Sample
lsass.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
lsass.exe
Resource
win10
Malware Config
Extracted
C:\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT
buran
mvpwesam@protonmail.com
Targets
-
-
Target
lsass.exe
Score
10/10
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run entry to start application
-
Enumerates connected drives
-
Modifies service
-