General
Target: SecuriteInfo.com.Generic.mg.e26982b170856ca8.24043
Size: 437KB
Sample: 200827-5bhw2szgs6
MD5: e26982b170856ca8ca96a2f41b2306fb
SHA1: e467f2bc6f01f2a13effaf8f6283d616ccf40e2e
SHA256: 8d44fdbedd0ec9ae59fad78bdb12d15d6903470eb1046b45c227193b233adda6
SHA512: 80a636ae53f5049e1ec34e092d91be8f8cc11d1f96eb919bfabd814c677c1e68a773c102b4fd28f2335427173f76203815b60f133d1d4cf0834bded85931af0e
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Generic.mg.e26982b170856ca8.24043.exe
Resource: win7v200722
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Generic.mg.e26982b170856ca8.24043.exe
Resource: win10
Malware Config
Extracted from: C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family: buran
Contact addresses: crioso@protonmail.com, wiruxa@airmail.cc
Targets
Score: 10/10
Buran
Ransomware-as-a-service based on the VegaLocker family, first identified in 2019.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.