General
Target: Fast.exe
Size: 56KB
Sample: 210419-c2b7f1w482
MD5: 570c8f24ff863f286366b9469d289a39
SHA1: ed5400599d048c7a0ffd32459ffb9852904aacd9
SHA256: c7703c115b1ec3fb755e570ee94c782e03097ed6c054c7872d34d2379409181f
SHA512: 57903a5f1d463d5b978018670c686d462f37bb8db8c60ba8b83054ab9413ef5b122b39fc59c2d6dcb320e84f933200e80a1e10a7a0a43ede9552cd22a61b3c55
Static task: static1
Behavioral task: behavioral1 (Sample: Fast.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Fast.exe, Resource: win10v20210410)
Malware Config
Extracted
C:\Users\Admin\Desktop\info.hta
Kaseno@firemail.cc
zezoxo@libertymail.net
togerpo@zohomail.eu
Targets
Target: Fast.exe
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies boot configuration data using bcdedit
Modifies Windows Firewall
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)