General
-
Target
1.bin.zip
-
Size
17KB
-
Sample
201207-84mcv75fqx
-
MD5
958137a20adf72ac8c1bf1c1b3d7085f
-
SHA1
3a592d26f1bf5b149e3ebf097dc9ee7a39a460ed
-
SHA256
7405d8aafbe729e470d31e0cbf9badf3a99b65256d4b9aad81c9f197b9ba7886
-
SHA512
3ec280d616bb601ea49651dc632524f4b73b08b3a8ae69a9dd7af2e3594004fdbb387f70d6cb81e9e19810f38ea992c7178c3f828f6590203178437796cb6c9a
Static task
static1
Behavioral task
behavioral1
Sample
1.bin.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1.bin.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\Desktop\readme-warning.txt
makop
carlosrestore2020@aol.com
Targets
-
-
Target
1.bin
-
Size
26KB
-
MD5
f74616a400973b5d1a5d8c039817ff03
-
SHA1
2ddd74b84fa10350f4435967f7b1c7a3c82ac124
-
SHA256
dc9fed631827723135571dfd135b442f2cad1cfa822bd7d4edfa757e2c3790a8
-
SHA512
9299a16cc30e342ba1a882fcadeee118425997a808e73a994b08aa7351c38be8bacd7ea97eadbc850694bcb42b49ecfa8ff2648eafde41c565eaade42c95a5cf
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-