General
-
Target
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053.exe
-
Size
29KB
-
Sample
210128-b3gdrfb24s
-
MD5
67e49cfcd12103b5ef2f9f331f092dbe
-
SHA1
72cad5a81ce546b42844b5b8fc2ab55e99f2b5d4
-
SHA256
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053
-
SHA512
21fa0d1be0d5be2da8c4c68357e1e294503d87c21a304c5811669eaa9aba29b6cfcd077d083547e2f41269b12c6a8da5ad2ea0f1613d9a96917ea01c69fcb087
Static task
static1
Behavioral task
behavioral1
Sample
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053.exe
Resource
win10v20201028
Malware Config
Extracted
C:\MSOCache\How To Restore Your Files.txt
http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ
http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm
https://temp.sh/fVAxj/1.png
https://temp.sh/VZRcj/2.png
https://temp.sh/qpkLy/3.png
https://temp.sh/hPkTt/4.png
https://temp.sh/ENvac/5.png
https://temp.sh/YzAJd/6.png
https://temp.sh/eBGdx/7.png
https://temp.sh/KAXUW/8.png
Targets
-
-
Target
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053.exe
-
Size
29KB
-
MD5
67e49cfcd12103b5ef2f9f331f092dbe
-
SHA1
72cad5a81ce546b42844b5b8fc2ab55e99f2b5d4
-
SHA256
58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053
-
SHA512
21fa0d1be0d5be2da8c4c68357e1e294503d87c21a304c5811669eaa9aba29b6cfcd077d083547e2f41269b12c6a8da5ad2ea0f1613d9a96917ea01c69fcb087
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-