General
Target: 279e64be324c8c9f3863e3bb4aecee03e64a34c071c3fb70b007a2833079fffb
Size: 532KB
Sample: 210511-jmewnahyrs
MD5: 2146eb12d4f3329cb86bb6d297f6c157
SHA1: 8ad0a576e0f8b3cc3f10d5cf75d9bb6890ded77d
SHA256: 279e64be324c8c9f3863e3bb4aecee03e64a34c071c3fb70b007a2833079fffb
SHA512: d700600c6b41f4231b93b424624292a0cd8106204b00a3c550dab67bee526686a003511508390b3ece947506ea084e9a2cf77e0c84c00edf400f8e67099f39f9
Static task: static1
Behavioral task: behavioral1
Sample: 279e64be324c8c9f3863e3bb4aecee03e64a34c071c3fb70b007a2833079fffb.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 279e64be324c8c9f3863e3bb4aecee03e64a34c071c3fb70b007a2833079fffb.exe
Resource: win10v20210408
Malware Config
Targets
Target: 279e64be324c8c9f3863e3bb4aecee03e64a34c071c3fb70b007a2833079fffb
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory