General

Target: b5466ce462df16b3a29f22192b1291d70479cacf35bd5e937f35b2567da948fe
Size: 169KB
Sample: 210414-yp66hntkb6
MD5: 98562209465bec53327e65649a2b8829
SHA1: 3a47656ed3df213bd934aa01078a863568fe9f2b
SHA256: b5466ce462df16b3a29f22192b1291d70479cacf35bd5e937f35b2567da948fe
SHA512: c11ce14f9cb75df2bc9bd81971c1f8fa885815715f389eb8e796e0f657de59756b36a6f896c216a03c7be7bb3ddff9b8a47aee71146760e4f4d9c6bdc0ff2cc3
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: b5466ce462df16b3a29f22192b1291d70479cacf35bd5e937f35b2567da948fe.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: b5466ce462df16b3a29f22192b1291d70479cacf35bd5e937f35b2567da948fe.exe
  Resource: win10v20210408
Malware Config

Extracted
  Ransom note path: C:\Users\Admin\Desktop\!!Read_Me.C722E.html
  Emails:
    dayt0na@tutanota.com
    daytona@cock.lu
    potts@secmail.pro
  URLs:
    http://wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
Targets

Target: b5466ce462df16b3a29f22192b1291d70479cacf35bd5e937f35b2567da948fe
Size: 169KB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General above
Score: 10/10

Signatures:
  Modifies boot configuration data using bcdedit
  Modifies Windows Firewall
  Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
  Deletes itself
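The report names the behaviours above but does not show the command lines or file events behind them. As an added example, and not the sandbox's own signature logic, the block below implements minimal detection for the first three signatures over constructed Sysmon-style process-creation events and a constructed before/after directory listing. The bcdedit and netsh command lines, the `sample.exe` parent path and the `.encrypted` suffix are assumptions typical of this class of ransomware, not values observed for this sample; netsh is only one route to firewall changes, so a real detector would also watch the firewall registry keys and COM interfaces.

```python
import re

# Constructed Sysmon Event ID 1 style records. The report only names the
# behaviours; these command lines are typical of the technique, not captured
# from this sample.
EVENTS = [
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No",
     "ParentImage": r"C:\Users\Admin\Desktop\sample.exe"},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} bootstatuspolicy ignoreallfailures",
     "ParentImage": r"C:\Users\Admin\Desktop\sample.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state off",
     "ParentImage": r"C:\Users\Admin\Desktop\sample.exe"},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /enum",  # read-only query, must not fire
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# bcdedit with a write verb (/set, /delete, /deletevalue). The recovery-related
# values are the ones ransomware tends to flip, so those score higher.
BCDEDIT_WRITE = re.compile(r"\bbcdedit(\.exe)?\b.*\s/(set|delete|deletevalue)\b", re.I)
BCDEDIT_RECOVERY = re.compile(
    r"recoveryenabled\s+no\b|bootstatuspolicy\s+ignoreallfailures", re.I)
# netsh advfirewall with a mutating verb (set/add/delete) rather than show.
FIREWALL_WRITE = re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\b(set|add|delete)\b", re.I)


def classify_event(event):
    """Return (signature, severity) pairs for one process-creation event."""
    cmd = event.get("CommandLine", "")
    hits = []
    if BCDEDIT_WRITE.search(cmd):
        severity = "high" if BCDEDIT_RECOVERY.search(cmd) else "medium"
        hits.append(("boot_config_modified", severity))
    if FIREWALL_WRITE.search(cmd):
        hits.append(("firewall_modified", "medium"))
    return hits


def scan_events(events):
    """Classify every event; return (signature, severity, parent image) triples."""
    findings = []
    for event in events:
        for signature, severity in classify_event(event):
            findings.append((signature, severity, event.get("ParentImage", "")))
    return findings


def renamed_extension_signal(before, after, min_fraction=0.8):
    """Compare a directory listing taken before and after the sample ran.

    If at least min_fraction of the original files disappeared and reappeared
    with one common suffix appended (the behaviour behind 'Modifies extensions
    of user files'), return that suffix; otherwise return None.
    """
    if not before:
        return None
    gone = set(before) - set(after)
    suffix_counts = {}
    for new_name in set(after) - set(before):
        for old_name in gone:
            if new_name.startswith(old_name) and len(new_name) > len(old_name):
                suffix = new_name[len(old_name):]
                suffix_counts[suffix] = suffix_counts.get(suffix, 0) + 1
    for suffix, count in suffix_counts.items():
        if count / len(before) >= min_fraction:
            return suffix
    return None


# Constructed listings. ".encrypted" is a placeholder suffix, not the extension
# this sample uses; the ransom note file name is the one from the report.
BEFORE = ["report.docx", "budget.xlsx", "photo.jpg", "notes.txt"]
AFTER = ["report.docx.encrypted", "budget.xlsx.encrypted", "photo.jpg.encrypted",
         "notes.txt.encrypted", "!!Read_Me.C722E.html"]

if __name__ == "__main__":
    for finding in scan_events(EVENTS):
        print(finding)
    print("appended suffix:", renamed_extension_signal(BEFORE, AFTER))
```

The parent image is carried through on purpose: bcdedit or netsh spawned by a binary in a user-writable directory, as in the constructed events, is a much stronger signal than the same command run from an admin's cmd.exe, and the read-only `bcdedit /enum` event shows the regexes ignore queries.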