General
Target: a.exe
Size: 32KB
Sample: 201105-81v9dzwbae
MD5: 4a94758d9b8bed45249bffffbaaa0460
SHA1: fff1c09b6e710d1804716e6b6b6c055a899aa1fc
SHA256: 64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532
SHA512: 5d77477a4561723c9752a9666228df2dc2b5547eaac7b7507ea552b310bcee5b13a75a73f8e9fb7a466762e5f360bec197ce0b3a09abd7b13d5b7dfc865ff45b
Static task: static1
Behavioral task: behavioral1 (Sample: a.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: a.exe, Resource: win10v20201028)
Malware Config
Extracted: C:\120162634617678\Read_Me.txt
  http://25xb3kc6azicbbuo.onion/?IXNDSIXN
  http://helpqvrg3cc5mvb3.onion/
Extracted: C:\20172306425313\Read_Me.txt
  http://25xb3kc6azicbbuo.onion/?WNOQSTVX
  http://helpqvrg3cc5mvb3.onion/
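The two extractions above differ only in the numeric directory holding Read_Me.txt and in the query-string ID appended to the first onion URL, so a detection or IOC feed keyed on the literal path or URL would miss the next run; the onion hosts and the note filename are the stable parts. The script below is an added example, not part of the sandbox report or of any tooling it names. It pulls the stable IOCs out of a ransom note, normalises the note path to its variable directory component, and checks a file's digests against the report's reference hashes. The hashes, note paths and URLs are copied from the report; the ransom-note body wrapped around the URLs is constructed placeholder text, not the sample's real note.

```python
"""Triage helper for the a.exe report (added example, not the report's own tooling)."""
import hashlib
import re
from urllib.parse import urlsplit

# Reference digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "4a94758d9b8bed45249bffffbaaa0460",
    "sha1": "fff1c09b6e710d1804716e6b6b6c055a899aa1fc",
    "sha256": "64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532",
    "sha512": "5d77477a4561723c9752a9666228df2dc2b5547eaac7b7507ea552b310bcee5b13a75a73f8e9fb7a466762e5f360bec197ce0b3a09abd7b13d5b7dfc865ff45b",
}

# Ransom-note paths exactly as extracted in the two sandbox runs.
NOTE_PATHS = [
    r"C:\120162634617678\Read_Me.txt",
    r"C:\20172306425313\Read_Me.txt",
]

# Constructed note body: only the two URLs come from the report; the
# surrounding sentences are placeholders, not the sample's real note text.
CONSTRUCTED_NOTE = """Your files have been encrypted.
Visit http://25xb3kc6azicbbuo.onion/?IXNDSIXN
Backup: http://helpqvrg3cc5mvb3.onion/
"""

# v2 onion hosts are 16 base32 chars, v3 are 56; both report hosts are v2.
ONION_URL = re.compile(
    r"https?://([a-z2-7]{16}(?:[a-z2-7]{40})?\.onion)(/\S*)?", re.I
)
# Drive letter, one all-digit directory, then the note filename.
NOTE_PATH = re.compile(r"^[A-Z]:\\(\d+)\\Read_Me\.txt$", re.I)


def extract_onion_iocs(text):
    """Return one record per onion URL: full URL, stable host, per-run ID."""
    iocs = []
    for m in ONION_URL.finditer(text):
        url = m.group(0)
        query = urlsplit(url).query  # "IXNDSIXN" in the first run, "" for the help site
        iocs.append({"url": url, "host": m.group(1).lower(), "victim_id": query or None})
    return iocs


def note_dir_id(path):
    """Return the numeric directory component of a dropped-note path, or None."""
    m = NOTE_PATH.match(path)
    return m.group(1) if m else None


def file_digests(data):
    """Compute the four digest types the report lists, over in-memory bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every digest of `data` equals the report's reference value."""
    digests = file_digests(data)
    return all(digests[name] == ref for name, ref in REPORT_HASHES.items())


if __name__ == "__main__":
    for ioc in extract_onion_iocs(CONSTRUCTED_NOTE):
        print(ioc)
    for p in NOTE_PATHS:
        print(p, "->", note_dir_id(p))
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

Feed `matches_report` the bytes of a file you believe is this sample before relying on the report's behaviour for it; feed `extract_onion_iocs` the dropped Read_Me.txt from your own host to get the hosts (block these) and the victim ID (keep it out of shared indicators, since it is per-run).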
Targets
Target: a.exe
Size: 32KB
MD5, SHA1, SHA256, SHA512: as listed under General (same file)
- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies extensions of user files: ransomware generally changes the extension of the files it encrypts.
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service