General
Target: 02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851
Size: 142KB
Sample: 210209-z84w891v5s
MD5: 39ea2394a6e6c39c5d7722dc996daf05
SHA1: ca010ca1e7d5104049c09eefca128cc0e50729e1
SHA256: 02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851
SHA512: 90df3cd613c83a3aed88183e3b67ee6affc76690b47ff819fc147191d60a03e720aeb371bc1c3d96954699c01fe1b79084cda4369f89f805ea5501e4d86a3974
Static task: static1
Behavioral task: behavioral1
Sample: 02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851.exe
Resource: win10v20201028
Malware Config
Extracted
C:\MSOCache\DECRYPT_NOTE.txt
http://decrypts3nln3tic.onion/secret/18ebdc51148b7c55b451a7d070d706078293f4df2ca6d4f3a485367156f2ac43
Targets
Target: 02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.