General
Target: OrionRansomware.bin.zip
Size: 1.3MB
Sample: 210424-ee8bqjc796
MD5: 10c44f3039aec12718bc0d767602f941
SHA1: e252ce4025826424d4706e8a6cdb8069dbcf6fb0
SHA256: 656c3b8670f697458b20b7caf26ff1b0f724d39d7131c0c048a6786c2013b5f2
SHA512: 9cb7a91e2997fc2ab40b6dd3bc9794e2e1ef9a08d0c435c1df6a1a210664328a1f976298e0926ace45ce0ca04e1c0c4570eba85b3be4176f6acec3fd4edeff0d

Static task: static1
Behavioral task: behavioral1
Sample: OrionRansomware.bin.exe
Resource: win7v20210410

Malware Config

Targets
Target: OrionRansomware.bin
Size: 2.4MB
MD5: b5f936358b6559ac3c71fd53c0f09f0e
SHA1: 2e8f3aa5b5106bfcc1b4438feaf87423e5ea1daa
SHA256: 4ed043fb22387fa9a6914744df7c28669e587fd2fcc5b3a4d7ceabdae88c82fd
SHA512: d9235fbc502c22ddd18436aedccf89c830e7cda975b1b581cfb9f5434ca16893388effc533009f20f6a9e71f0ba23cb8217d2f6c0d6fa75008c80fc2dbc321e9

Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.