General
-
Target
Client-0.exe
-
Size
94KB
-
Sample
210413-bylytrx5w2
-
MD5
22d0f1145b7f4f4a0c478ab27331909f
-
SHA1
2c6f0936f7a8eaf7ca8e2669a50c86df0d9d21c8
-
SHA256
9e573ba20b55f6149d801491c0ebb51c9f1c954b956a2f6cea6f18af68f0164b
-
SHA512
ebca5fa978c534d54afdc9becd4ca7b1e1c288d4139a3140d06b4510344ac63f2d0c71526bd5c41c63e8457a6cef68cfd36923b940dcfb6374b09a777a00948c
Static task
static1
Behavioral task
behavioral1
Sample
Client-0.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Client-0.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
black_privat@tuta.io
darkseid@tutamail.com
Extracted
C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt
black_privat@tuta.io
darkseid@tutamail.com
Targets
-
-
Target
Client-0.exe
Score
10/10
-
TeslaCrypt, AlphaCrypt
Ransomware based on CryptoLocker. Shut down by the developers in 2016.
-
Modifies Windows Firewall
-
Deletes itself
-
Drops startup file
-
Modifies file permissions
-
Modifies WinLogon
-