General
-
Target
build-x32.crypt.bin.zip
-
Size
19KB
-
Sample
200723-1el7ztcngs
-
MD5
44406e1afbf3858f1021681334c19e0b
-
SHA1
c3ddb9631fe00c67738744446e0b7f5293d454a6
-
SHA256
9aa75631b7a56a84117e5aed0540fb74dfcde2c36d52744156381c9161603e28
-
SHA512
628a9677db5c704728e58f58b089d7fb7e1c8eca30feea8f0f8d31d76cccce670990ed5f8ec096685e76512ce3c3d8706f60c4766b6996be58960fa0e8bf7ea3
Static task
static1
Behavioral task
behavioral1
Sample
build-x32.crypt.bin.exe
Resource
win7
Behavioral task
behavioral2
Sample
build-x32.crypt.bin.exe
Resource
win10
Malware Config
Targets
-
-
Target
build-x32.crypt.bin
-
Size
43KB
-
MD5
0d256ab0a8b8b7a3b3d4aaf566189ca6
-
SHA1
2f0142e0f5a21822fd9e391246b6cc470f4089a1
-
SHA256
f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f
-
SHA512
19afeb080a691f287b902455269b6de051e93e0c9afbd00ed9166e6fb4c11e2b6d8eea53dabc2b8b465c7bcac9130e379115f0b9ea48420cff9c71788232fe7a
Score10/10-
Exorcist
Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Enumerates connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-