General
Target: wyooy@aol.com.exe
Size: 1.3MB
Sample: 210414-wmpsdm8tyj
MD5: 645d774a869c582b2c46beed455321d4
SHA1: e94862c25377373f54ce668051df0d95d3746514
SHA256: 21420b8630260dae7f0ea14a319a8b3ae6910def98599109b365f710e835b9c4
SHA512: 2c7cc053ed79e52f7e2ae508d2d832e6efa0b9a24dc71158fbc25d829c3d9ad8aa8f5c04e7fff94152dacc04cc1d7604da147ee201d900efcbcc62fe95f15b81
Static task: static1
Behavioral task: behavioral1
Sample: wyooy@aol.com.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: wyooy@aol.com.exe
Resource: win10v20210408
Malware Config
Extracted from: C:\Users\Public\Desktop\Decrypt-me.txt
Email: wyooy@tutanota.com
Answer: wyooy@aol.com
Targets
Drops file in Drivers directory
Modifies Windows Firewall
Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
Drops startup file
Drops desktop.ini file(s)
Drops file in System32 directory