General
Target: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f
Size: 656KB
Sample: 210511-d12a87v256
MD5: 7bdfb0bc09665d2a8f1fa3950acd16a7
SHA1: 03fefa06867106d052934fdd5d8752b9298d90df
SHA256: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f
SHA512: fac1c67bfd41c04a8798d30450d4ce481193fcd31ec749cd3b5a25d0daa860b290b55e29aec7ee1933593dd75e96a7f9b113c3bfcc5f3da10c24a0ddb2246a9f
Static task: static1
Behavioral task: behavioral1
  Sample: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f.exe
  Resource: win10v20210410
Malware Config
Targets
Target: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f
Size: 656KB
MD5: 7bdfb0bc09665d2a8f1fa3950acd16a7
SHA1: 03fefa06867106d052934fdd5d8752b9298d90df
SHA256: e32987df25ef2c0a10744ff53d950260b82137b5758d426191b4e8c0f0685b5f
SHA512: fac1c67bfd41c04a8798d30450d4ce481193fcd31ec749cd3b5a25d0daa860b290b55e29aec7ee1933593dd75e96a7f9b113c3bfcc5f3da10c24a0ddb2246a9f
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
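The signatures above are sandbox verdicts; on a suspected host a responder wants to inspect the same locations directly. The PowerShell script below is an added example, not part of the sandbox report and not code from the sample: it audits the standard Windows registry locations behind the listed signatures (Winlogon Shell and Userinit, Explorer HideFileExt, the Run/RunOnce keys, the Geo\Nation country code) and lists executables recently written under System32. The report does not state which specific values, file names or paths this sample used, so the registry paths are the generic well-known ones, and the 24-hour window and the user-writable-path pattern are assumptions of this script; everything it prints is a lead to verify against a clean baseline, not a confirmed indicator.

```powershell
# Added example: host-side triage for the behaviours the sandbox flagged above.
# Not from the report or the sample. The registry paths are the standard Windows
# locations behind each signature; which specific values this sample wrote is not
# stated in the report, so every line printed is a lead to verify, not a verdict.
# Assumption: run in an elevated PowerShell session on the suspected host.

$findings = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$Signature, [string]$Detail) {
    $findings.Add(("[{0}] {1}" -f $Signature, $Detail))
}

# "Modifies WinLogon for persistence": Shell and Userinit are the values usually
# hijacked; their defaults are explorer.exe and <SystemRoot>\system32\userinit.exe,
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
if ($wl) {
    if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
        Add-Finding 'WinLogon' "Shell = '$($wl.Shell)' (default: explorer.exe)"
    }
    $expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"
    if ($wl.Userinit -and $wl.Userinit -ne $expectedUserinit) {
        Add-Finding 'WinLogon' "Userinit = '$($wl.Userinit)' (default: $expectedUserinit)"
    }
}
# The per-user Winlogon key is honoured too and normally carries no Shell value.
$uwl = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($uwl -and $uwl.Shell) {
    Add-Finding 'WinLogon' "HKCU Shell = '$($uwl.Shell)' (normally not set)"
}

# "Modifies visibility of file extensions in Explorer": HideFileExt = 1 hides known
# extensions, so 'report.pdf.exe' displays as 'report.pdf'. 1 is also the Windows
# default, so compare against your baseline or GPO rather than treating 1 as proof.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advanced -ErrorAction SilentlyContinue).HideFileExt
Add-Finding 'Explorer (info)' "HideFileExt = $hide (1 = extensions hidden; Windows default is 1)"

# "Adds Run key to start application": list every autostart entry and mark those
# launching from user-writable paths (heuristic pattern, an assumption of this script).
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\') {
            Add-Finding 'Run key (suspicious path)' "$key\$($p.Name) -> $cmd"
        } else {
            Add-Finding 'Run key (info)' "$key\$($p.Name) -> $cmd"
        }
    }
}

# "Checks computer location settings": the country code (GeoID) the sample reads for
# its geofence. Informational; it tells you whether this host would have been in scope.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
Add-Finding 'Location (info)' "Geo\Nation = $($geo.Nation) (GeoID read by region-checking malware)"

# "Drops file in System32 directory": executables written recently. Windows Update
# also writes here, so correlate timestamps with the suspected infection time.
$since = (Get-Date).AddHours(-24)   # window is an assumption; widen as needed
Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -in @('.exe', '.dll') } |
    ForEach-Object { Add-Finding 'System32 write' "$($_.FullName) written $($_.LastWriteTime)" }

$findings
```

The Run key and System32 sections are noisy by design: a stock image has legitimate entries in both, so run the same script on a known-clean machine built from the same image and diff the two outputs rather than reading one in isolation. The WinLogon checks are the only ones where a deviation from the default is itself a strong signal.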