General

Target: GZTJoxx.exe
Size: 88KB
Sample: 210122-s195dsrzqn
MD5: 19f207b20b1d2a05aba1a1eb59da54d2
SHA1: 8d75108ec34fd79f8336041d5ff31443cc527add
SHA256: 8e775324fc69a677394cf6d079d1d45bf53af10acd683bda53e5f86a8a192393
SHA512: 6a6b97e5f4543437270628af70a67e51a32d1ad9afbc0f19611d0131d9e84154f8525e3aeeb41c82f1c4437694be898b7ef520ac8eddf9b227f3d1013e57f749
Static task: static1

Behavioral task: behavioral1
  Sample: GZTJoxx.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: GZTJoxx.exe
  Resource: win10v20201028
Malware Config

Extracted from C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt:
  workplus111@protonmail.com
  worker400@airmail.cc

Extracted from C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt:
  workplus111@protonmail.com
  worker400@airmail.cc
Targets

Target: GZTJoxx.exe
Size: 88KB
MD5: 19f207b20b1d2a05aba1a1eb59da54d2
SHA1: 8d75108ec34fd79f8336041d5ff31443cc527add
SHA256: 8e775324fc69a677394cf6d079d1d45bf53af10acd683bda53e5f86a8a192393
SHA512: 6a6b97e5f4543437270628af70a67e51a32d1ad9afbc0f19611d0131d9e84154f8525e3aeeb41c82f1c4437694be898b7ef520ac8eddf9b227f3d1013e57f749
Score: 10/10

Signatures:
  TeslaCrypt, AlphaCrypt: Ransomware based on CryptoLocker. Shut down by the developers in 2016.
  Executes dropped EXE
  Modifies Windows Firewall
  Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
  Drops startup file
  Loads dropped DLL
  Modifies file permissions