General
Target: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee.bin
Size: 69KB
Sample: 201109-tafqczvps2
MD5: f957f19cd9d71abe3cb980ebe7f75d72
SHA1: 96432d979fdec055e4f40845a27cf4a9c0a0a34b
SHA256: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee
SHA512: 26a1375d5893ee5e80ba2e47d92ed559f82acd539dcff785bbc52e7df226655192047e5b6f80e61f8076dab42f28d48e04e3fd4f80309cc4d0720a50db4393f7
Static task: static1
Behavioral task: behavioral1
Sample: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee.bin.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee.bin.exe
Resource: win10v20201028
Malware Config
Extracted: C:\A2400D-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted: C:\Program Files (x86)\Microsoft Office\Stationery\1033\A2400D-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted: C:\Program Files (x86)\Microsoft Office\Document Themes 14\A2400D-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted: C:\Users\Public\Libraries\3FD972-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted: C:\3FD972-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted: C:\Program Files\Java\jdk1.8.0_66\jre\lib\3FD972-Readme.txt
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
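Triaging a suspect host for the same artifacts, as an added example that is not part of the sandbox output: a Python script that walks a directory tree for ransom notes following the six-hex-character ID naming seen above (A2400D-Readme.txt, 3FD972-Readme.txt), pulls the Tor v3 .onion URLs out of them, and groups paths and URLs by note ID. Only the note paths and the two .onion URLs come from this report; the directory layout and note bodies the demo writes are constructed, and the filename and URL patterns are assumptions generalised from those entries.

```python
"""Hunt for hex-ID ransom notes and extract their .onion contact URLs.

Added example for this report, not sandbox output. The note bodies written by
build_demo_tree() are constructed: the page gives only the note paths and the
two .onion URLs the sandbox extracted from them.
"""
import os
import re
import tempfile
from collections import defaultdict

# Assumed from the report's note names: six hex characters + "-Readme.txt".
NOTE_NAME_RE = re.compile(r"^([0-9A-Fa-f]{6})-Readme\.txt$")

# Tor v3 hidden-service hostnames are 56 base32 chars followed by ".onion";
# both URLs in the report have this shape (v2 16-char names are ignored).
ONION_URL_RE = re.compile(
    r"https?://[a-z2-7]{56}\.onion(?:/[^\s\"'<>]*)?", re.IGNORECASE)

# The two contact URLs the sandbox extracted (from the report above).
REPORTED_URLS = [
    "http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion",
    "http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion",
]


def extract_onion_urls(text):
    """Return distinct .onion URLs in `text`, in order of first appearance."""
    found = []
    for m in ONION_URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")
        if url not in found:
            found.append(url)
    return found


def find_ransom_notes(root):
    """Map note ID (e.g. 'A2400D') -> {"paths": [...], "urls": [...]}.

    Every matching filename is recorded even if the file cannot be read, so an
    unreadable note still shows up as a dropped-note location.
    """
    results = defaultdict(lambda: {"paths": [], "urls": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = NOTE_NAME_RE.match(name)
            if not m:
                continue
            entry = results[m.group(1).upper()]
            path = os.path.join(dirpath, name)
            entry["paths"].append(path)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    body = fh.read()
            except OSError:
                continue
            for url in extract_onion_urls(body):
                if url not in entry["urls"]:
                    entry["urls"].append(url)
    return dict(results)


def build_demo_tree(root):
    """Write constructed notes mirroring the report's paths (drive letter
    dropped) plus a decoy Readme.txt that must not match."""
    body = ("CONSTRUCTED NOTE BODY - not the real note text\n"
            "Contact via Tor:\n" + "\n".join(REPORTED_URLS) + "\n")
    layout = {
        "A2400D-Readme.txt": body,
        os.path.join("Program Files (x86)", "Microsoft Office",
                     "Stationery", "1033", "A2400D-Readme.txt"): body,
        os.path.join("Users", "Public", "Libraries", "3FD972-Readme.txt"): body,
        os.path.join("Program Files", "Java", "jdk1.8.0_66", "jre", "lib",
                     "3FD972-Readme.txt"): body,
        "Readme.txt": "ordinary readme, no ransom note\n",  # decoy
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)


def run_demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return find_ransom_notes(root)


if __name__ == "__main__":
    for note_id, entry in sorted(run_demo().items()):
        print(note_id, "-", len(entry["paths"]), "note(s)")
        for url in entry["urls"]:
            print("   ", url)
```

Point it at a mounted image or a live root (`find_ransom_notes(r"C:\")`) and the ID grouping shows whether one sample dropped notes under several IDs, as the two IDs in this run suggest; the URL list doubles as a block-list feed for the Tor contact hosts.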
Targets
Target: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee.bin
Size: 69KB
MD5: f957f19cd9d71abe3cb980ebe7f75d72
SHA1: 96432d979fdec055e4f40845a27cf4a9c0a0a34b
SHA256: b2d68a79a621c3f9e46f9df52ed19b8fec22c3cf5f4e3d8630a2bc68fd43d2ee
SHA512: 26a1375d5893ee5e80ba2e47d92ed559f82acd539dcff785bbc52e7df226655192047e5b6f80e61f8076dab42f28d48e04e3fd4f80309cc4d0720a50db4393f7
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Modifies service