General
-
Target
30FCFF7ADD11EA6685A233C8CE1FC30ABE67044630524A6EB363573A4A9F88B8
-
Size
31KB
-
Sample
210310-lgpvxrvxfj
-
MD5
dd7f88a68a76acc0be9eb0515d54a82a
-
SHA1
ca205a28b8dbd74c60fdeaf522804d5a2a45dd0b
-
SHA256
30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8
-
SHA512
8e99c1d3291dacaf13c7aff75549d50484b593022bdb82cb3ecffd58f0bbf1dd1ae4deeb09f072d4c3f1b8918a0bc785a397143863466975dad950e115db5af6
Static task
static1
Behavioral task
behavioral1
Sample
30FCFF7ADD11EA6685A233C8CE1FC30ABE67044630524A6EB363573A4A9F88B8.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
30FCFF7ADD11EA6685A233C8CE1FC30ABE67044630524A6EB363573A4A9F88B8.exe
Resource
win10v20201028
Malware Config
Extracted
C:\MSOCache\How To Restore Your Files.txt
https://i.imgur.com/RzYzVnY.png
https://i.imgur.com/kJzIOqn.png
https://i.imgur.com/bFdNbyO.png
http://babukq4e2p4wu4iq.onion/login.php?id=0KflFXBAmSHtJrtKWtOPzxZmhJATon
Targets
-
-
Target
30FCFF7ADD11EA6685A233C8CE1FC30ABE67044630524A6EB363573A4A9F88B8
-
Size
31KB
-
MD5
dd7f88a68a76acc0be9eb0515d54a82a
-
SHA1
ca205a28b8dbd74c60fdeaf522804d5a2a45dd0b
-
SHA256
30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8
-
SHA512
8e99c1d3291dacaf13c7aff75549d50484b593022bdb82cb3ecffd58f0bbf1dd1ae4deeb09f072d4c3f1b8918a0bc785a397143863466975dad950e115db5af6
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-