General
Target: 6068654964506624.zip
Size: 75KB
Sample: 210416-m9tmmv9l22
MD5: d0cc1d759166881a2372ded33c8bbbf8
SHA1: 3c1fadeba097e195e4ddaeacdf669511e2dc1e38
SHA256: bedfb7fda70c24b31155f1d92a023d770d8049a73cad408f96dcffc94fa2278a
SHA512: 0945d6869ff3859d240c3d3175978114ac9b8fbb4622bb4e280bfa4426d36ea098a564ad7c52a8c5f01db6477cabbf1e286757df4bf589a9bb26c46d81b5c1b7
Static task: static1
Behavioral task: behavioral1
Sample: 2e434bd96b08293786cd010883adfeacce5a30f5743d89c5187f38966b2e5d21.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 2e434bd96b08293786cd010883adfeacce5a30f5743d89c5187f38966b2e5d21.exe
Resource: win10v20210408
Malware Config
Extracted
C:\GANGBANG-NOTE.txt
Jeremyspineberg11@tutanota.com
GeromeSkinggagard1999@tutanota.com
Jeremyspineberg11@protonmail.com
http://corpleaks.net
http://hxt254aygrsziejn.onion
Targets
Target: 2e434bd96b08293786cd010883adfeacce5a30f5743d89c5187f38966b2e5d21
Size: 125KB
MD5: 173ab5a59490ea2f66fe37c5e20e05b8
SHA1: ac091ce1281a16f9d7766a7853108c612f058c09
SHA256: 2e434bd96b08293786cd010883adfeacce5a30f5743d89c5187f38966b2e5d21
SHA512: 0e0d2480fb1bcef185a91d49eb49116dd0fc1837fe634d69451adbdfca00e157495590a59d14409073b0b8b5c96ff3a7f34a7f29976e8fa6cd5aa0b8eedeb05e
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.