General
Target: compile by raminhk.exe
Size: 6.7MB
Sample: 210507-9ae1p7es9e
MD5: 4ce7c1e483beb642f43715a47b96e32b
SHA1: 47e02b2248dec9ff925d423374773a585742d0ae
SHA256: d62702dc15f7812688bd00b483e2d3b54c44593c76ac7118ee85560a7bd3361e
SHA512: 122def960135c894e28c9f2d8dfb461e74e22efd76b31673b9462a90484eaae9b47d88a7c8f5519f10762960a669cb87ece43315dbf730a0e06e572f03aea3f1
Static task: static1
Behavioral task: behavioral1
  Sample: compile by raminhk.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: compile by raminhk.exe
  Resource: win10v20210408
Malware Config
Targets
Target: compile by raminhk.exe
Score: 9/10
Signatures:
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.