General
Target: Compile.exe
Size: 6.6MB
Sample: 210507-xayfvgapln
MD5: 0063315a032fd1d3728c2f6e726a30d0
SHA1: 9c2bc3b753ee4ce52f9d48f9d2c067cb1ce5eb24
SHA256: f0f3009b3d88e680f9e022575be694cb565ec8824d8d3252a8af43b00fb2dd36
SHA512: 0c5d05c8dfdbf7f7394664054a9acd0d02ac54f7eac8e78dae2f8987583c7a66974e1fe1b4e429df710d1f0b5d6c711da96113ec0d497be14355336cf854450f
Static task: static1
Behavioral task: behavioral1
Sample: Compile.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Compile.exe
Resource: win10v20210408
Malware Config
Targets
Target: Compile.exe
Score: 9/10

Modifies boot configuration data using bcdedit

Disables Task Manager via registry modification

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Adds Run key to start application

Drops desktop.ini file(s)

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.