General
Target: c2f2834b216ef788b6c0568d0267223c.zip
Size: 648KB
Sample: 210319-3wd4bxw5x2
MD5: 2a11b08bc5bf827d12a1242e6bba687d
SHA1: 32e9662c969373e6aa15cab7c899871e47a87960
SHA256: 1d6671093c87f2e76df8e243a8eba7c47e93a4dafe1d287450f198f3e2af40ee
SHA512: 03f203947b2652faba72e8e35041898c6967fa7a37520ae47f1bb1cdaa58632ca1289893fad33e273901f16e8d45c85319e90e1db529fc41d0d905c77d2ad6d1
Static task: static1
Behavioral task: behavioral1
Sample: c2f2834b216ef788b6c0568d0267223c.exe
Resource: win10v20201028
Malware Config
Extracted
C:\_readme.txt
helpteam@mail.ch
helpmanager@airmail.cc
https://we.tl/t-NuEqGxqRg2
Targets
Target: c2f2834b216ef788b6c0568d0267223c
Size: 713KB
MD5: c2f2834b216ef788b6c0568d0267223c
SHA1: 77629d77891b0e995cbd577c7835d7465e5f8ff7
SHA256: b055016e0d82c57b58cd126f26b4b8f4dae1441f0019bdaa42452e815f128944
SHA512: 7ccdb7dcb37a75b120655458eedfbf7057144d50c820e9acff72d018b613bee9a26263c4a1cd8b4d3a090c52ae66c7af0daa9bf4e39f5e3fc176f9f13b6b968a
Score: 10/10
Executes dropped EXE
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Modifies file permissions
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.