General
-
Target
d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.zip
-
Size
86KB
-
Sample
210118-jg3a8twq6n
-
MD5
47e3a4fdd76d4ed34b0dccf86eee4f59
-
SHA1
66976a47b502b9e2ddca4d39f409496eeb184335
-
SHA256
1de446ec3ae6ed984e52bd031814ec1397eb5d4f26feb38da866e5b83f6468bd
-
SHA512
417ae8b92fa392c64bcc422878d1761308c83b2694453e56501b0f0dcfe49a40b28187a2431a96d200d5fafbf5309093f6f953fbfa8c9f615844f4782db8f1c2
Malware Config
Extracted
C:\readme.txt
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
Targets
-
-
Target
d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe
-
Size
208KB
-
MD5
b3d6ba0aa663f699283d25ddcb6561b9
-
SHA1
a1f27e6be62bf0af7d5bff447156b3413f0d97c8
-
SHA256
d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c
-
SHA512
6d3b5f75169243f44247bb6ad32d6f68d937240e0d1711373012d696729a3e44ad21336e96a5548e11605412365ad4f53d2f5c798e74f204be2c16df5ae610ef
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-