General
-
Target
63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806.ps1
-
Size
1.6MB
-
Sample
201001-n6ry188sfj
-
MD5
c171bcd34151cbcd48edbce13796e0ed
-
SHA1
2770fec86275dfb1a4a05e2d56bc27a089197666
-
SHA256
63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806
-
SHA512
d25cbb70dae9bcc49d32c15300734879fe4c1b7ae35cb5affab50e8a61ae7226832b278d846f76f7eedc3a1baf35e2aec4e8c364eab99cddb00c2ffeb97283da
Malware Config
Targets
-
-
Target
63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806.ps1
-
Size
1.6MB
-
MD5
c171bcd34151cbcd48edbce13796e0ed
-
SHA1
2770fec86275dfb1a4a05e2d56bc27a089197666
-
SHA256
63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806
-
SHA512
d25cbb70dae9bcc49d32c15300734879fe4c1b7ae35cb5affab50e8a61ae7226832b278d846f76f7eedc3a1baf35e2aec4e8c364eab99cddb00c2ffeb97283da
Score10/10-
SunCrypt Ransomware
Family which threatens to leak data alongside encrypting files. Has claimed to be collaborating with the Maze ransomware group.
-
Blacklisted process makes network request
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-