General
-
Target
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb
-
Size
7.0MB
-
Sample
210511-y3dap8fxcn
-
MD5
6cc7273b2bc3fa2e5632418b8738e329
-
SHA1
8e8def5c80c4fc1e7e10027ab3e3be2b0a72a1af
-
SHA256
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb
-
SHA512
22199ec6d91e72157d49839e56f2658007082eae8c077d31f2dd906336fea3c2bfa17b2543bf2495a34839921b3a0a76d783371e2a117d263afea5ed2dff618b
Static task
static1
Behavioral task
behavioral1
Sample
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb
-
Size
7.0MB
-
MD5
6cc7273b2bc3fa2e5632418b8738e329
-
SHA1
8e8def5c80c4fc1e7e10027ab3e3be2b0a72a1af
-
SHA256
227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb
-
SHA512
22199ec6d91e72157d49839e56f2658007082eae8c077d31f2dd906336fea3c2bfa17b2543bf2495a34839921b3a0a76d783371e2a117d263afea5ed2dff618b
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-