General
Target: mod_c.exe
Size: 1.8MB
Sample: 210326-r96vq4f4hs
MD5: be4c5e4713009e5446ee042ba7c33fe0
SHA1: f8e52380b6f3668d4de6df416c8da389c0d98fe8
SHA256: 7272457bac023e7ab635fc3d82212a89918de36d5433dd389e6151805e47b0cd
SHA512: 96612ab271e5adbfc911d65abc5ed56973d3539ff98c10e13daac782dcbfa43606ed89fa8efa0b203fd000cbbf76fea04d3844723c9dc075ba9a4fe55cb78e4d
Behavioral task: behavioral1
Sample: mod_c.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: mod_c.exe
Resource: win10v20201028
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-dvxr9.txt
http://o76s3m7l5ogig4u5.onion
Targets
Score: 10/10
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Loads dropped DLL