General
Target: 2b0e6fa56b8d92be01efdb49e2fe593485629b6cb4247145e8c6d093e54fea22
Size: 750KB
Sample: 210511-4zw5n2pndn
MD5: b3ff4583ff07d95911af580fd3bf55c8
SHA1: c0a79d48a6bd669fdaf51b308ab5827cf1d7e2cd
SHA256: 2b0e6fa56b8d92be01efdb49e2fe593485629b6cb4247145e8c6d093e54fea22
SHA512: c093d08dd30d900d5767601edbc1eefb097d49261e83c2482c9a75f2a5d71c5987c36edeb778db078da1fdeda1c6919077303f70afe0408b05b4f1c09b898995
Static task: static1
Behavioral task: behavioral1
  Sample: 2b0e6fa56b8d92be01efdb49e2fe593485629b6cb4247145e8c6d093e54fea22.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 2b0e6fa56b8d92be01efdb49e2fe593485629b6cb4247145e8c6d093e54fea22.exe
  Resource: win10v20210408
Malware Config
Targets
Target: 2b0e6fa56b8d92be01efdb49e2fe593485629b6cb4247145e8c6d093e54fea22
Score: 10/10
Signatures:
  Modifies WinLogon for persistence
  Modifies visibility of file extensions in Explorer
  Executes dropped EXE
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Loads dropped DLL
  Adds Run key to start application
  Drops file in System32 directory