General
- Target: 00dfeaf9e9e405d4ef93ac3fdba22baee2fa49049639af2d0430be9b5fcd1780
- Size: 531KB
- Sample: 210511-kgegev5vya
- MD5: 51b453c6be0760cee06f2168809aa3bf
- SHA1: dbabf47965dce2a77a96156c76d601d8cbbd5126
- SHA256: 00dfeaf9e9e405d4ef93ac3fdba22baee2fa49049639af2d0430be9b5fcd1780
- SHA512: 59af1fd807c563c375e3b76649593a6f6380f037c814a81044d3c38c813a24acc64d2d1292956a1335c3a7bb815453c2ea6996d313e042594bd7b8400f6809eb
Static task: static1
Behavioral task: behavioral1
- Sample: 00dfeaf9e9e405d4ef93ac3fdba22baee2fa49049639af2d0430be9b5fcd1780.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 00dfeaf9e9e405d4ef93ac3fdba22baee2fa49049639af2d0430be9b5fcd1780.exe
- Resource: win10v20210408
Malware Config
Targets
- Target: 00dfeaf9e9e405d4ef93ac3fdba22baee2fa49049639af2d0430be9b5fcd1780
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory