General
-
Target
ragnar_locker_EDP (1)
-
Size
69KB
-
Sample
200803-bpqrb9bd9a
-
MD5
00fb3f27bccef7c5658ff9f5ce487cec
-
SHA1
c24fedb9b8a592722d5a9adb34d276fc3b329d6f
-
SHA256
b670441066ff868d06c682e5167b9dbc85b5323f3acfbbc044cabc0e5a594186
-
SHA512
a2346683bbdb5c7d939c0eaa4fb3a411681fedfbf90bea2866482b699da56aeaa4a5b3ffe5f8f24fdb5f4966dd22b8293ed1ee0eed4552dd9bb81f708e2e0235
Static task
static1
Behavioral task
behavioral1
Sample
ragnar_locker_EDP (1).exe
Resource
win7
Behavioral task
behavioral2
Sample
ragnar_locker_EDP (1).exe
Resource
win10v200722
Malware Config
Extracted
C:\Users\Public\Documents\RGNR_F0C1BF83.txt
ragnarlocker
http://p6o7m73ujalhgkiv.onion/?p=171
http://mykgoj7uvqtgl367.onion/client/?6bECA2b2AFFfBC1Dff0aa0EaaAd468bec0903b5e4Ea58ecde3C264bC55c7389E
http://p6o7m73ujalhgkiv.onion/?page_id=171
Targets
-
-
Target
ragnar_locker_EDP (1)
-
Score
10/10
-
RagnarLocker
Ransomware first seen at the end of 2019, which has been used in targeted attacks against multiple companies.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Modifies service
-