General

Target: wqm58yk7.exe
Size: 104KB
Sample: 210122-vrb63wpxca
MD5: 48ea3794091a9f17e12f5c1a90e1f7d7
SHA1: 1bb17eef59764e84f95b7a5c0aad649b8517ee43
SHA256: dcd725c415cebc7df170edf49af18d6f86e76ef75185737de5959405f4aecc56
SHA512: 0355be6a2b2cf58d4ca5b11de5f84803240587937cd28d064df20ac38c945352e14c78e21006824114f67ede71be3ab27cc27b05759fc23a1fb8dcfa31a7244f
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: wqm58yk7.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: wqm58yk7.exe, Resource: win10v20201028)
Malware Config

Extracted from C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
Contact addresses: workplus111@protonmail.com, worker400@airmail.cc

Extracted from C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
Contact addresses: workplus111@protonmail.com, worker400@airmail.cc

Extracted from C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt
Contact addresses: workplus111@protonmail.com, worker400@airmail.cc
Targets

Target: wqm58yk7.exe
Size: 104KB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General
Score: 10/10

Detected family: TeslaCrypt, AlphaCrypt
Ransomware based on CryptoLocker. Shut down by the developers in 2016.

Signatures:
- Modifies Windows Firewall
- Drops startup file
- Modifies file permissions