General
Target: 3232021_hades_rsw_4984662693543936.zip
Size: 1.8MB
Sample: 210323-ka7t5jjsqn
MD5: 10997bc7a7bf59f8041090d1a311263a
SHA1: e6c1f47546a2a171f1a5d645437a737b84384c59
SHA256: 3ed8520133ace271da2ac9bf9655151d5c7b7d5507434900c7573fbd468a521f
SHA512: 7ef99fee9b9e98b9f1e12f76a05a0d8e049d986cc244dd2fcc7254c89fb7b06aa94070ccec46a831130376a75345a23feda797d091044dd5034225191437d2a6
Behavioral task: behavioral1
Sample: fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87.exe
Resource: win10v20201028
Malware Config
Extracted: C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-gn9cj.txt
Targets
Target: fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87
Size: 1.9MB
MD5: 9fa1ba3e7d6e32f240c790753cdaaf8e
SHA1: 7bcea3fbfcb4c170c57c9050499e1fae40f5d731
SHA256: fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87
SHA512: 8d2fb58cb8776ead15f445671431eae13a00b48921e545c7ecbf91829015d818d663d9369f181de669ebb771b113c2f675c3a156fac5ede019b5fad9cb8c65fe
Score: 10/10
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Loads dropped DLL