General
-
Target
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf.bin
-
Size
22KB
-
Sample
210118-4myp12qpga
-
MD5
64f7ac45f930fe0ae05f6a6102ddb511
-
SHA1
499c21991aecc205fd9c64784909d94eb34a9a71
-
SHA256
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf
-
SHA512
864f551b85dcacfc6ecb0af94292c520366889c09287b1c34fb2971113744ef364eff8c4b77739baa25a8456be3f7bb8b7d19ab21c241b7330bf0a22f63abcd5
Static task
static1
Behavioral task
behavioral1
Sample
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf.bin.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf.bin.exe
Resource
win10v20201028
Malware Config
Extracted
C:\MSOCache\How To Restore Your Files.txt
http://babukq4e2p4wu4iq.onion/login.php?id=6iAq0NR1jS3TgDD3OoEiWFHJpUPrGc
Targets
-
-
Target
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf.bin
-
Size
22KB
-
MD5
64f7ac45f930fe0ae05f6a6102ddb511
-
SHA1
499c21991aecc205fd9c64784909d94eb34a9a71
-
SHA256
550771bbf8a3e5625d6ec76d70ed86f6e443f07ce80ff73e47f8249ddd72a8cf
-
SHA512
864f551b85dcacfc6ecb0af94292c520366889c09287b1c34fb2971113744ef364eff8c4b77739baa25a8456be3f7bb8b7d19ab21c241b7330bf0a22f63abcd5
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-