General
- Target: 9ce7afa5c28d23a68bd26a4e8a5fe096
- Size: 476KB
- Sample: 201025-14e9fef47n
- MD5: 9ce7afa5c28d23a68bd26a4e8a5fe096
- SHA1: ce50f097d91e1898e941288418f43ad5a2480e96
- SHA256: b9170a6678f62a8484ec8c75b1a0d5d3ee620154d8d8f07a7a748f45781e3116
- SHA512: 5850da36cd32ef781366e99eb40224b2f72ae6ccdbdcc50ece5daf7fa34000b07844ba486eec79f7580304af9cd3825465ded532f3cc86aa2c7642abcd124408
Static task: static1
Behavioral task: behavioral1
- Sample: 9ce7afa5c28d23a68bd26a4e8a5fe096.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: 9ce7afa5c28d23a68bd26a4e8a5fe096.exe
- Resource: win10
Malware Config
Extracted
\??\c:\users\admin\documents\_HOW_TO_DECRYPT_MY_FILES_YLOIV0QS_.txt
cerber
http://oqwygprskqv65j72.onion/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.1d88b8.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.1fs9pz.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.14jqyo.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.1kh9ct.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.13rdvu.top/77B8-F9D0-0751-00A0-17EF
Extracted
C:\Users\Admin\Desktop\_HOW_TO_DECRYPT_MY_FILES_1G2M6_.hta
http://oqwygprskqv65j72.1d88b8.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.1fs9pz.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.14jqyo.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.1kh9ct.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.13rdvu.top/77B8-F9D0-0751-00A0-17EF
http://oqwygprskqv65j72.onion/77B8-F9D0-0751-00A0-17EF
https://www.baidu.com
Extracted
\??\c:\users\admin\documents\_HOW_TO_DECRYPT_MY_FILES_5X3HUK_.txt
cerber
http://oqwygprskqv65j72.onion/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.1d88b8.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.1fs9pz.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.14jqyo.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.1kh9ct.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.13rdvu.top/6D25-1972-1151-00A0-19AF
Extracted
C:\Users\Admin\Desktop\_HOW_TO_DECRYPT_MY_FILES_5J4WS_.hta
http://oqwygprskqv65j72.1d88b8.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.1fs9pz.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.14jqyo.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.1kh9ct.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.13rdvu.top/6D25-1972-1151-00A0-19AF
http://oqwygprskqv65j72.onion/6D25-1972-1151-00A0-19AF
https://www.baidu.com
Targets
- Target: 9ce7afa5c28d23a68bd26a4e8a5fe096
- Size: 476KB
- MD5: 9ce7afa5c28d23a68bd26a4e8a5fe096
- SHA1: ce50f097d91e1898e941288418f43ad5a2480e96
- SHA256: b9170a6678f62a8484ec8c75b1a0d5d3ee620154d8d8f07a7a748f45781e3116
- SHA512: 5850da36cd32ef781366e99eb40224b2f72ae6ccdbdcc50ece5daf7fa34000b07844ba486eec79f7580304af9cd3825465ded532f3cc86aa2c7642abcd124408
Score 10/10
- Blacklisted process makes network request
- Modifies Windows Firewall
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry