General
Target: 054ce01f56fced98721576017754aa60fb81309babaab7bf53aaec39d2c1fbc9.bin
Size: 1.3MB
Sample: 200923-f35awlzg5j
MD5: f4c92c5896d92368dab37f277f74220a
SHA1: e5763d7e58f39b9f2130abcfadaa34e5e46b04a9
SHA256: 054ce01f56fced98721576017754aa60fb81309babaab7bf53aaec39d2c1fbc9
SHA512: 99d06cd0288d892c1e018439e75a5f62ad909a1a6d35de4101a1fa99d55ea3c34685857e39cc385f9aedd0d4f027dc3592d1605919b91bc0a44ea8126343b0e5
Static task: static1
Behavioral task: behavioral1
  Sample: 054ce01f56fced98721576017754aa60fb81309babaab7bf53aaec39d2c1fbc9.bin.exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 054ce01f56fced98721576017754aa60fb81309babaab7bf53aaec39d2c1fbc9.bin.exe
  Resource: win10
Malware Config
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Visio\Recover files.hta
Targets
Target: 054ce01f56fced98721576017754aa60fb81309babaab7bf53aaec39d2c1fbc9.bin
Score: 10/10
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Stops running service(s)
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)