General
- Target: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin
- Size: 54KB
- Sample: 210413-1bgrp73q6a
- MD5: 0390938e8a9df14af45e264a128a5bf8
- SHA1: f90f83c3dbcbe9b5437316a67a8abe6a101ef4c3
- SHA256: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210
- SHA512: c4b8d0d086a7f3c9aa83e2ad5baa36027cd8785878913b7dc0ad698066aaa0f298dec59cb6fb42cf76530c8be9b242bdacfb1253eb02a6ad84a872df4c586e98
Static task
- static1
Behavioral task
- behavioral1 (Sample: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe; Resource: win7v20210410)
- behavioral2 (Sample: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe; Resource: win10v20210408)
Malware Config
Extracted
- C:\README.949640ab.TXT
Targets
- Target: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin (54KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry