General
-
Target
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
-
Size
423KB
-
Sample
201109-jzbbrsex6s
-
MD5
055c2fba242d03ae153be4a796c55ae2
-
SHA1
be71b94e30d5465d8b72e1fc7c0137024f97baee
-
SHA256
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
-
SHA512
20b31f6db488d26c1f7564106e455a77461e8a9934718e72c6c917e3ec688a9a597a05f1b93584fd88d3e867f09a470eb90094e27c2525939894973d31498890
Static task
static1
Behavioral task
behavioral1
Sample
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
hakbit
1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9
Extracted
C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
hakbit
1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9
Targets
-
-
Target
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
-
Size
423KB
-
MD5
055c2fba242d03ae153be4a796c55ae2
-
SHA1
be71b94e30d5465d8b72e1fc7c0137024f97baee
-
SHA256
4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
-
SHA512
20b31f6db488d26c1f7564106e455a77461e8a9934718e72c6c917e3ec688a9a597a05f1b93584fd88d3e867f09a470eb90094e27c2525939894973d31498890
Score10/10-
Disables Task Manager via registry modification
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Modifies service
-