General
Target: 12e66476395f8c1d0c457a7c13ae71df.zip
Size: 662KB
Sample: 210319-vh1g38919e
MD5: a4d5bfbaedd923f04011197f66ae5863
SHA1: a952ae3befd3fc32128f3a39173c225320ec2ee8
SHA256: 17d8dc4f6931ece4a4da2d0ac7ccf8ebbb09cbd153aef1ee5e575656a9d95769
SHA512: e89a5c2afd6569bae7ad96fb0189376f12027d76911219ef193db54c97e4c1f06124d88b46826d78b216c327acc83b3462142eb04ff269bcbd3983b60628069a
Static task: static1
Behavioral task: behavioral1
  Sample: 12e66476395f8c1d0c457a7c13ae71df.exe
  Resource: win10v20201028
Behavioral task: behavioral2
  Sample: 12e66476395f8c1d0c457a7c13ae71df.exe
  Resource: win10v20201028
Malware Config
Extracted from: C:\_readme.txt
  helpteam@mail.ch
  helpmanager@airmail.cc
  https://we.tl/t-2w03ajSkK1
Targets
Target: 12e66476395f8c1d0c457a7c13ae71df
Size: 737KB
MD5: 12e66476395f8c1d0c457a7c13ae71df
SHA1: 8cb6d53b8b238c0118a0b4748ec54c9aa49123b7
SHA256: 9bf5a22089f0b74627320945df991bd1dfa37bf5522f8ecb61e5873bc6093f22
SHA512: 7e80d1b0b45f2f076499d93ef1d810e4a5ad4a4fe5a7156de4cb1a1be1beb779d39912c802a1bead6bbae7f4ce6f8cf64d49441e0d4c12fc488f1d1d90b9150c
Score: 10/10
Signatures:
  Executes dropped EXE
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Modifies file permissions
  Adds Run key to start application
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.