General
-
Target
257dd5f0_by_Libranalysis
-
Size
748KB
-
Sample
210505-9pj9m5s75j
-
MD5
257dd5f02ecb4a7d1ac67d586808994f
-
SHA1
c9ff2efde6c2ddd9daefdc1a1317aad96acd5651
-
SHA256
58efe97ae6d0ed8735205f55a86f569d93517894dee7bf92c2a13918ff9ad10a
-
SHA512
910fb0046fbb96f722e86e3713f71e54f647ba11c38bf9c1e345b7d726ac144470e7f1f63488d35a9801f9e224907e6b2687f7d1f08d0a938033b477eba4cec4
Static task
static1
Behavioral task
behavioral1
Sample
257dd5f0_by_Libranalysis.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
257dd5f0_by_Libranalysis.exe
Resource
win10v20210408
Malware Config
Targets
Target
257dd5f0_by_Libranalysis
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-