General
Target: e826.exe
Size: 371KB
Sample: 210427-c5t29xdlb2
MD5: e38ccca299db41904493bfc51ced614d
SHA1: 4b9a2c510913dc92cf8f5f879ab198fe5e54f544
SHA256: fa789f56ef3f5075fc02c53cd937fe1580ae46217cf0a82bd4871043276fb086
SHA512: 961b03275cd76f4074e1c622216903678067f6115ce6f004be3c62939a13653891f87718e587a9155de999bf9d7c167a687290b7bab40443cf3395f9486ce654
Static task: static1
Behavioral task: behavioral1 (sample e826.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample e826.exe, resource win10v20210410)
Malware Config
Extracted from: C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family: buran
Emails: rootiunik@cock.li, TimothyCrabtree@protonmail.com
Targets
Target: e826.exe (371KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Buran: Ransomware-as-a-service based on the VegaLocker family, first identified in 2019.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Deletes itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.