General
Target: Compile by raminhk 2.exe
Size: 7.9MB
Sample: 210507-v5c45xknfs
MD5: fb9eb8850ee963bc69583f0227803aef
SHA1: a8c4277662b79d84ebec5f17b83153d364a478a7
SHA256: 373dd8d9b31679fa1f46779be91f0d8e378af030bffe91de45d150c78e2cae53
SHA512: 2d26b6f014ac2ca6b925ab5dfe259847869d3967754de91c8434f0a932bd2ec844403dfa2bc5b5c3442730c42500e2f0c45d321b416450012aae62128e74942c
Static task: static1
Behavioral task: behavioral1 (Sample: Compile by raminhk 2.exe; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: Compile by raminhk 2.exe; Resource: win10v20210408)
Malware Config
Targets: Compile by raminhk 2.exe (same file and hashes as listed under General)
Score: 9/10
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.