General
- Target: Compil by raminhk.exe
- Size: 11.7MB
- Sample: 210507-xp1241syps
- MD5: cae9a30235cd1be5aba8f2969ad82573
- SHA1: 35a86c4eb38a60a22b102b2fb82b34e4126956d2
- SHA256: 24fa69380258da421941c711036a3f0a834ec6eb7919d0a4992b05ea0c549807
- SHA512: 2d50e3aed489f7e18bf076b056e2a5d66dd7cb235b3f0b5b5df96e89d3e7e31afa1d6ee9a37895717a700467b5c7516c9de5740ef990fdbdeb0efabb63ee0930
Static task: static1
Behavioral task: behavioral1
- Sample: Compil by raminhk.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Compil by raminhk.exe
- Resource: win10v20210408
Malware Config
Targets
- Target: Compil by raminhk.exe
- Size: 11.7MB
- MD5: cae9a30235cd1be5aba8f2969ad82573
- SHA1: 35a86c4eb38a60a22b102b2fb82b34e4126956d2
- SHA256: 24fa69380258da421941c711036a3f0a834ec6eb7919d0a4992b05ea0c549807
- SHA512: 2d50e3aed489f7e18bf076b056e2a5d66dd7cb235b3f0b5b5df96e89d3e7e31afa1d6ee9a37895717a700467b5c7516c9de5740ef990fdbdeb0efabb63ee0930
Score: 9/10
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.