General
Target: admin.exe
Size: 63KB
Sample: 210417-jn2rzne8lx
MD5: ae776cbf46e5d71831c0d0d6c37b3bbf
SHA1: 3ee387589ef93afe4ed2609c0c242e29f5d164b4
SHA256: 83e2ba9faf075547be65d2b6dbd13e190a0b1c1cf626788cb756ab7a3c770dcb
SHA512: 486d0ce8e49b1ab0fd6a56d6982abad8661c35fb27343a623c7a58bf1f5a74ccff3a954d02e9713d501bb72e9dac829f459cad2f1b3cc225ce052568ee3785ee
Static task: static1
Behavioral task: behavioral1
Sample: admin.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: admin.exe
Resource: win10v20210410
Malware Config
Targets
Target: admin.exe
Score: 9/10
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Drops startup file
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.