General
-
Target
5615482142228480.zip
-
Size
182KB
-
Sample
201217-cjpmcg8m7a
-
MD5
93b4f60cdc5d5288c98c50cd3620ba06
-
SHA1
549c775e3bf93a324319ad98aad4952cc2f82d55
-
SHA256
eba3e153c13f618ceef6c2cc58f67d19b008adb87d4ea0ae9861a63072b8738d
-
SHA512
3598ff6e32b18634792025297b9de68cc920303e158df1baa7a62e94c4ca38f0cf0d79075e0f2beddbe015d49f85c2be96617eccb9faa0e567708ae0f752663f
Static task
static1
Behavioral task
behavioral1
Sample
f9fcc0cddd57b377a8aa65a713ddbe986cda2e188e037cbd706c81096059c9d5.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
f9fcc0cddd57b377a8aa65a713ddbe986cda2e188e037cbd706c81096059c9d5.exe
Resource
win10v20201028
Malware Config
Extracted
C:\!!! HOW TO BACK YOUR FILES !!!.TXT
buran
Extracted
C:\!!! HOW TO BACK YOUR FILES !!!.TXT
buran
Targets
-
Target
f9fcc0cddd57b377a8aa65a713ddbe986cda2e188e037cbd706c81096059c9d5
-
Size
450KB
-
MD5
efc275dbc9e66fbbc84cfac31aeabfd0
-
SHA1
46458fe09b1d29198cb1c143d5f8d517850493f5
-
SHA256
f9fcc0cddd57b377a8aa65a713ddbe986cda2e188e037cbd706c81096059c9d5
-
SHA512
45e8578bd9c58e522fe7c6680d972ce510d3fe483a70583bf192ebd1a946da8c492d5aecb126778defcaffb66550b91b047c7a9934a6b3e88c2da36a4754596e
Score
10/10
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-