General
Target
e3518a8b3fd422f192fd90049186ea01ff120bdb72d3652c0933b31399b9b90f.exe
Size
7KB
Sample
210419-2whtww27bn
MD5
be6be1c81865e4eb75d01a918812ddea
SHA1
1482d68b097f8ff8c6257a754d7d452b0e34829f
SHA256
e3518a8b3fd422f192fd90049186ea01ff120bdb72d3652c0933b31399b9b90f
SHA512
ea13391c0fd196486ed40cf359e18995f787a8e46a568f9795ab113757def02ba8f5536a48739c77c9fd2c4eaf763713b31a2e5ebeb0cbab644119d62406ec21
Static task
static1
Behavioral task
behavioral1
Sample
e3518a8b3fd422f192fd90049186ea01ff120bdb72d3652c0933b31399b9b90f.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
e3518a8b3fd422f192fd90049186ea01ff120bdb72d3652c0933b31399b9b90f.exe
Resource
win10v20210410
Malware Config
Extracted
C:\$Recycle.Bin\S-1-5-21-2513283230-931923277-594887482-1000\HOW TO DECRYPT FILES.txt
bufalo@boximail.com
3QgJDoVEaksAs9kFz1vcueG8DKF4hPrARW
Targets
Target
e3518a8b3fd422f192fd90049186ea01ff120bdb72d3652c0933b31399b9b90f.exe
Score
10/10
Drops file in Drivers directory
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Adds Run key to start application
Drops file in System32 directory