General
Target: Aksip.bin
Size: 344KB
Sample: 200728-nzvd3g7j66
MD5: 61506482ddd28756e443b3de05a3b1cf
SHA1: 8d7effb5a456289d13f725486a30bed727a01be0
SHA256: 15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
SHA512: 18a7178209e6e9edd15e22c97ad15b049370fe457fcec815fe702d75514014460f80326e3a4ae6ca496582467c57398cdb250bf826b76e62bf2c56e1f38efe46
Static task
static1
Behavioral task
behavioral1
Sample: Aksip.bin.exe
Resource: win7v200722
Behavioral task
behavioral2
Sample: Aksip.bin.exe
Resource: win10v200722
Malware Config
Extracted
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
msupport2019@protonmail.com
msupport@elude.in
Targets
Target: Aksip.bin
Score: 10/10
- Buran
  Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service