General
Target: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748
Size: 748KB
Sample: 210511-4ay5vdg3gn
MD5: 395eab19e7ab2768627aca6366242276
SHA1: 4a45ef006df9e65332251f9ee7b49a83fbed3b26
SHA256: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748
SHA512: 614e77f13ace77a874386ff84dfcadf86a90db5a84ca7dbaa3ea8f4507b5c36fda273a8e4d58c95a65ead1859f8e2a240ecacd50a55d20b6daacbcde930ca6f5
Static task: static1
Behavioral task: behavioral1
  Sample: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748.exe
  Resource: win10v20210410
Malware Config
Targets
Target: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748
Size: 748KB
MD5: 395eab19e7ab2768627aca6366242276
SHA1: 4a45ef006df9e65332251f9ee7b49a83fbed3b26
SHA256: c90e6f66f74c4c2620aff75978b6ec993fbf3b133d6a1b99fa83c82e62109748
SHA512: 614e77f13ace77a874386ff84dfcadf86a90db5a84ca7dbaa3ea8f4507b5c36fda273a8e4d58c95a65ead1859f8e2a240ecacd50a55d20b6daacbcde930ca6f5
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory