General
Target: 84eb7b81d6de322c8c15466667ab0f3a
Size: 476KB
Sample: 201026-hy19agra8j
MD5: 84eb7b81d6de322c8c15466667ab0f3a
SHA1: b7b3249fcaa8b8997b1c64ac2a215b1e0b967843
SHA256: 620d00c17bff11803acd34235d44d8ef07550877a9168cf95fdd081de9ae18b2
SHA512: 94f32a1294c3169e0568b4c1da86f454ee62cc6aedd2adde6b15fab7f7c4cc435ad48bdb3afceec11c4564469dbb0b6e441e65ade8c1184cf6ecf2525b015466
Static task: static1
Behavioral task: behavioral1
  Sample: 84eb7b81d6de322c8c15466667ab0f3a.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 84eb7b81d6de322c8c15466667ab0f3a.exe
  Resource: win10
Malware Config
Extracted from: \??\c:\users\admin\documents\_HOW_TO_DECRYPT_MY_FILES_AEYQ_.txt
Family: cerber
Extracted from: C:\Users\Admin\Desktop\_HOW_TO_DECRYPT_MY_FILES_AT3TEO0L_.hta
Targets
Target: 84eb7b81d6de322c8c15466667ab0f3a (476KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
- Blacklisted process makes network request
- Modifies Windows Firewall
- Drops startup file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry