General
- Target: pcnew.exe
- Size: 20KB
- Sample: 201105-cw59cdyspj
- MD5: 1f8cef7b1f327e19ec561d1b80583d2d
- SHA1: 96795527c65711c13aef7f2cda3b5a0ff5779137
- SHA256: c6ee0c5549619ebf81f7878da18a6e29ff315be7d0fb3d9b79b84717405c87f6
- SHA512: 2bdb59b8ca921b7def3547c622a4357398566c475ed1c77aad4fe91f1171ddee1b0d3524463ead12a10bba19fb5e23dcad3b00e948c8bde585d315906fd782e2

Static task: static1

Behavioral task: behavioral1
  Sample: pcnew.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: pcnew.exe
  Resource: win10v20201028

Malware Config
Extracted: C:\22912339014610\Read_Me.txt
  http://25xb3kc6azicbbuo.onion/?XNDSIXND
  http://helpqvrg3cc5mvb3.onion/
Extracted: C:\115802396715453\Read_Me.txt
  http://25xb3kc6azicbbuo.onion/?IJLMOQRT
  http://helpqvrg3cc5mvb3.onion/
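The two extractions above differ in the digits-only directory name and in the query token after `?`, so those parts are per-run and are poor indicators; the .onion hostnames and the note path shape are what to match on. The following is an added example, not code from the sandbox or the report: it checks a file against the digests the report lists for pcnew.exe and pulls the stable IOCs out of a ransom note of the shape shown. The note text, the regexes and the function names are assumptions; only the two URLs, the note path pattern and the digests come from the report.

```python
"""Added example (not part of the sandbox report): match a file against the
digests the report lists for pcnew.exe and pull IOCs out of a ransom note of
the shape the report shows. The note text below is constructed; only the
two .onion URLs, the note path pattern and the digests come from the report."""
import hashlib
import re

# Digests the report lists for pcnew.exe
REPORTED_HASHES = {
    "md5": "1f8cef7b1f327e19ec561d1b80583d2d",
    "sha1": "96795527c65711c13aef7f2cda3b5a0ff5779137",
    "sha256": "c6ee0c5549619ebf81f7878da18a6e29ff315be7d0fb3d9b79b84717405c87f6",
    "sha512": "2bdb59b8ca921b7def3547c622a4357398566c475ed1c77aad4fe91f1171ddee"
              "1b0d3524463ead12a10bba19fb5e23dcad3b00e948c8bde585d315906fd782e2",
}
_HASHERS = {"md5": hashlib.md5, "sha1": hashlib.sha1,
            "sha256": hashlib.sha256, "sha512": hashlib.sha512}

# v2 (16 base32 chars) or v3 (56 base32 chars) .onion host, optional path/query
ONION_RE = re.compile(r"https?://([a-z2-7]{16}|[a-z2-7]{56})\.onion(/[^\s\"'<>]*)?")
# Both runs dropped the note in a digits-only directory directly under the drive root
NOTE_PATH_RE = re.compile(r"^[A-Za-z]:\\\d+\\Read_Me\.txt$")


def hash_bytes(data: bytes) -> dict:
    """Hex digests of the given bytes, keyed like REPORTED_HASHES."""
    return {name: fn(data).hexdigest() for name, fn in _HASHERS.items()}


def matches_reported_sample(data: bytes) -> bool:
    """True only if every listed digest matches; any mismatch means a different file."""
    return hash_bytes(data) == REPORTED_HASHES


def extract_onion_iocs(note_text: str) -> list:
    """Return (url, host, token) tuples; token is the query string after '?', or None.

    The host is the stable indicator; the token changed between the two runs."""
    found = []
    for m in ONION_RE.finditer(note_text):
        url = m.group(0)
        host = m.group(1) + ".onion"
        token = url.split("?", 1)[1] if "?" in url else None
        found.append((url, host, token))
    return found


def is_ransom_note_path(path: str) -> bool:
    """True for <drive>:\<digits>\Read_Me.txt, the shape seen in both runs."""
    return NOTE_PATH_RE.match(path) is not None


# Constructed note text; the report itself only shows the note path and these URLs
SAMPLE_NOTE = """Your files have been encrypted.
Open http://25xb3kc6azicbbuo.onion/?XNDSIXND in the Tor Browser.
Support: http://helpqvrg3cc5mvb3.onion/
"""

if __name__ == "__main__":
    for url, host, token in extract_onion_iocs(SAMPLE_NOTE):
        print(f"{host}  token={token}  url={url}")
    print(is_ransom_note_path(r"C:\22912339014610\Read_Me.txt"))
```

`matches_reported_sample` requires every listed digest to agree rather than any one of them, so a file that happens to share only the MD5 is still treated as a different sample.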
Targets
- Target: pcnew.exe
- Size: 20KB
- MD5: 1f8cef7b1f327e19ec561d1b80583d2d
- SHA1: 96795527c65711c13aef7f2cda3b5a0ff5779137
- SHA256: c6ee0c5549619ebf81f7878da18a6e29ff315be7d0fb3d9b79b84717405c87f6
- SHA512: 2bdb59b8ca921b7def3547c622a4357398566c475ed1c77aad4fe91f1171ddee1b0d3524463ead12a10bba19fb5e23dcad3b00e948c8bde585d315906fd782e2

- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
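Several of the signatures above are derived purely from the file-system, registry and process events a sandbox records, and the same logic is useful when triaging your own EDR or Sysmon telemetry. The block below is an added example, not the sandbox's own rule set: it re-derives five of the listed signatures from a constructed event stream. The event schema, the thresholds and the user-directory heuristic are assumptions.

```python
"""Added example (not part of the report): derive a few of the listed
behavioural signatures from a sandbox-style event stream. Event schema,
thresholds and directory heuristics are assumptions, not the sandbox's rules."""
import ntpath

SIG_EXT = "Modifies extensions of user files"
SIG_INI = "Drops desktop.ini file(s)"
SIG_DRIVES = "Enumerates connected drives"
SIG_RUN = "Adds Run key to start application"
SIG_DROP_EXE = "Executes dropped EXE"
SIG_DROP_DLL = "Loads dropped DLL"

RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
USER_DIR_MARKERS = ("\\users\\", "\\documents and settings\\")


def _is_user_file(path):
    return any(m in path for m in USER_DIR_MARKERS)


def detect_signatures(events, min_ext_changes=10, min_ini_dirs=5, min_drives=1):
    """Return the sorted list of signature names the event stream triggers.

    Assumed event records (all paths are Windows paths):
      {"op": "write",          "path": ...}
      {"op": "rename",         "path": ..., "new_path": ...}
      {"op": "query_dir",      "path": ...}
      {"op": "reg_set",        "key": ..., "value": ...}
      {"op": "process_create", "image": ...}
      {"op": "load_image",     "path": ...}
    """
    written = set()      # files the sample itself produced; used for "dropped" correlation
    ext_changes = 0
    ini_dirs = set()
    drives = set()
    hits = set()
    for ev in events:
        op = ev["op"]
        if op == "write":
            p = ev["path"].lower()
            written.add(p)
            if ntpath.basename(p) == "desktop.ini":
                ini_dirs.add(ntpath.dirname(p))
        elif op == "rename":
            src, dst = ev["path"].lower(), ev["new_path"].lower()
            written.add(dst)
            # Count only user files whose extension actually changed
            if _is_user_file(src) and ntpath.splitext(src)[1] != ntpath.splitext(dst)[1]:
                ext_changes += 1
        elif op == "query_dir":
            drive, tail = ntpath.splitdrive(ev["path"])
            # Root listing of a lettered drive other than C:
            if len(drive) == 2 and drive.upper() != "C:" and tail.strip("\\") == "":
                drives.add(drive.upper())
        elif op == "reg_set":
            if any(ev["key"].lower().endswith(s) for s in RUN_KEY_SUFFIXES):
                hits.add(SIG_RUN)
        elif op == "process_create":
            if ev["image"].lower() in written:
                hits.add(SIG_DROP_EXE)
        elif op == "load_image":
            if ev["path"].lower() in written:
                hits.add(SIG_DROP_DLL)
    if ext_changes >= min_ext_changes:
        hits.add(SIG_EXT)
    if len(ini_dirs) >= min_ini_dirs:
        hits.add(SIG_INI)
    if len(drives) >= min_drives:
        hits.add(SIG_DRIVES)
    return sorted(hits)


def build_constructed_events():
    """Constructed event stream mimicking the behaviours listed in the report."""
    ev = []
    for i in range(12):
        ev.append({"op": "rename",
                   "path": rf"C:\Users\victim\Documents\report{i}.docx",
                   "new_path": rf"C:\Users\victim\Documents\report{i}.docx.locked"})
    for d in ("Desktop", "Documents", "Downloads", "Music", "Pictures", "Videos"):
        ev.append({"op": "write", "path": rf"C:\Users\victim\{d}\desktop.ini"})
    ev.append({"op": "query_dir", "path": "D:\\"})
    ev.append({"op": "query_dir", "path": "E:\\"})
    dropped = r"C:\Users\victim\AppData\Local\Temp\svc.exe"
    ev.append({"op": "write", "path": dropped})
    ev.append({"op": "process_create", "image": dropped})
    ev.append({"op": "reg_set",
               "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
               "value": dropped})
    return ev


if __name__ == "__main__":
    for sig in detect_signatures(build_constructed_events()):
        print(sig)
```

The thresholds matter in practice: a single extension change or one desktop.ini write is normal user or installer activity, so the counts (ten renames, five directories here) are what separate ransomware behaviour from noise, and they are tunable per environment.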