General
Target
a8e360e74dc11c1386e9f07f24173526b05ba1d837406a8908992e1f3b30589e
Size
1.3MB
Sample
210511-k4f7lfak72
MD5
ba32aa4b7aecc456c2ed45be80ee85d8
SHA1
bf86407e3102b720d7c1106bc5e2a2efee30c00d
SHA256
a8e360e74dc11c1386e9f07f24173526b05ba1d837406a8908992e1f3b30589e
SHA512
0c87bc43ce34983b7c20f7a080199cdbe77c1d04dbd30a9eac76b14c8f69e7d0081b1998b880f4c9dce37a1e6c05e9248edff14fafff1da4c5a3b17594a5e1c4
Static task
static1
Behavioral task
behavioral1
Sample
a8e360e74dc11c1386e9f07f24173526b05ba1d837406a8908992e1f3b30589e.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a8e360e74dc11c1386e9f07f24173526b05ba1d837406a8908992e1f3b30589e.exe
Resource
win10v20210410
Malware Config
Targets
Target
a8e360e74dc11c1386e9f07f24173526b05ba1d837406a8908992e1f3b30589e
Score
10/10
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory