General
-
Target
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
-
Size
61KB
-
Sample
210418-q2crs95e5n
-
MD5
077fccc46159f8ccd79fcd50787db1c9
-
SHA1
288635e27276ba6da3291d0982a8f0f23ae0065e
-
SHA256
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
-
SHA512
6028a1b66ea3e6baae6c11005596c6a6fff982d132ad23c502bf57c5d0995829f983963ba451142f2780214da6c8588e8f83b2972d289367300094fee9cebe74
Static task
static1
Behavioral task
behavioral1
Sample
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
-
Score
8/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-