General
-
Target
06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
-
Size
27KB
-
Sample
210120-5tcynbb182
-
MD5
015e93d82958f4edbc4c8807eeefc430
-
SHA1
9517634369b86197f14ae25ffa69a138ab6fe446
-
SHA256
06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6
-
SHA512
fa9fc3f5565eb6f84331fb068b70b110aefd87d73ec5c9fabda0819886dca3617dbe4b712eda1a68254352f931cd6bca6c4878d515a793697ae410e19884ebbd
Static task
static1
Behavioral task
behavioral1
Sample
06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
Resource
win10v20201028
Malware Config
Extracted
C:\MSOCache\DECR.TXT
babukrip@protonmail.ch
Extracted
\??\M:\DECR.TXT
babukrip@protonmail.ch
Targets
Target
06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-