General
Target: b1e13ac6_by_Libranalysis
Size: 624KB
Sample: 210505-7vrxln8phs
MD5: b1e13ac67f1595460a6bb752c57d1763
SHA1: abc71788fd8e7ba7c9d8693bd64fdc8503b0cfd4
SHA256: 357bb9f6a7f23022ae20ce04a376add44d82bfacc358e6364a91c11d3cbef5af
SHA512: fb5828efac2203287e00044b29423c0b224ccaf9ea3d01d3ae9cfbe394136597aca1b523622c32033e610c4e8d5de81a5a261a442101c1d5f5bd1b578284c290
Static task: static1
Behavioral task: behavioral1
Sample: b1e13ac6_by_Libranalysis.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: b1e13ac6_by_Libranalysis.exe
Resource: win10v20210410
Malware Config
Targets
Target: b1e13ac6_by_Libranalysis
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory