General
-
Target
aa625b84_by_Libranalysis
-
Size
534KB
-
Sample
210505-957vy82fxn
-
MD5
aa625b8479b7874ae21cfce7f0bd6de1
-
SHA1
f5906108c38dd0ff1a5f846f80cbc648f03e5f0a
-
SHA256
5f32ef9a224027930381255b1ff7d6be7af83f4886006243effeee31ec775b6e
-
SHA512
3d047f66aff1786cce70dd8f465e0332a329d2e50c47fa63dab56a81923c3e19f6e536bfdef1d0f978b9ab41043e4aa836a54734e1a569577c58cd35065b7f82
Static task
static1
Behavioral task
behavioral1
Sample
aa625b84_by_Libranalysis.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
aa625b84_by_Libranalysis.exe
Resource
win10v20210410
Malware Config
Targets
-
Target
aa625b84_by_Libranalysis
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-