General
Target: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb
Size: 719KB
Sample: 210528-7zy57v7ede
MD5: 456e570841e33662dc1e07fa3cc9f1fe
SHA1: 271c0abc2698b7bd197dd9a0c9630299849de767
SHA256: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb
SHA512: 4dc75f7f892ce7512df44aa35b45b17a79685b36e8ccfc84ae10fe456cafcfd69b64443765a635174a71c8ef162b6b6dca419a7b85d2c20482e2493e48ca91e9
Static task: static1
Behavioral task: behavioral1
  Sample: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb.exe
  Resource: win10v20210408
Malware Config
Extracted (ransom note path -> contact URL found in the note):
C:\Users\Admin\Desktop\KlroT_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Admin\Downloads\KlroT_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Default\KlroT_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Admin\Desktop\t0nyiwa_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Admin\.oracle_jre_usage\t0nyiwa_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Admin\Favorites\t0nyiwa_readme_.txt -> http://avaddonbotrxmuyl.onion
C:\Users\Admin\Searches\t0nyiwa_readme_.txt -> http://avaddonbotrxmuyl.onion
Every note carries the same .onion contact address. Two different note-name prefixes appear (KlroT_ and t0nyiwa_); the fixed part of the filename is the _readme_.txt suffix, so a file-name detection should key on that suffix rather than on the full name.
Targets
Target: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb
Size: 719KB
MD5: 456e570841e33662dc1e07fa3cc9f1fe
SHA1: 271c0abc2698b7bd197dd9a0c9630299849de767
SHA256: db9f5ce9c4bc12ba9769c3f53c5c4c8168faba4cbd5d0119ea99e2db07c1d9bb
SHA512: 4dc75f7f892ce7512df44aa35b45b17a79685b36e8ccfc84ae10fe456cafcfd69b64443765a635174a71c8ef162b6b6dca419a7b85d2c20482e2493e48ca91e9
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files. The report does not record which suffix this sample appends.
Drops desktop.ini file(s)
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive, typically to find additional volumes to encrypt.
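As an added triage example (not part of this sandbox report or the sample), the Python below builds a constructed directory tree that mimics the note locations listed under Malware Config, then does two things a responder would want on a suspect host: it locates ransom notes by the `<id>_readme_.txt` naming seen in the report and extracts the .onion contact URL from each, and it flags directories where several files share an extension outside a small allow-list, since the report says the sample modifies user-file extensions but does not give the suffix. The `.locked` suffix, the note body text, the sample document names and the `COMMON_EXTS` allow-list are assumptions made for the example.

```python
"""Ransomware-artifact triage: ransom-note discovery plus extension anomaly check.

Added example; not code from the report. The note filename pattern and the
.onion host come from the report; everything else here is constructed.
"""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Report shows notes named KlroT_readme_.txt and t0nyiwa_readme_.txt:
# match on the fixed "_readme_.txt" suffix, not on the variable prefix.
NOTE_RE = re.compile(r"^[A-Za-z0-9]+_readme_\.txt$")
# v2 onion hosts are 16 base32 chars; v3 are 56. Accept both.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
# Assumed allow-list of ordinary extensions for the anomaly check.
COMMON_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".ini", ".lnk"}


def find_ransom_notes(root):
    """Return {note_path: sorted unique .onion URLs} for every note under root."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and NOTE_RE.match(path.name):
            text = path.read_text(errors="replace")
            urls = {m.group(0).lower() for m in ONION_RE.finditer(text)}
            found[str(path)] = sorted(urls)
    return found


def suspicious_extensions(root, min_files=3):
    """Return {directory: (ext, count)} where >= min_files files share an
    extension that is not in COMMON_EXTS. Ransom notes are excluded so the
    .txt notes never count toward a hit."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        counts = Counter(
            Path(f).suffix.lower()
            for f in files
            if Path(f).suffix and not NOTE_RE.match(f)
        )
        for ext, n in counts.items():
            if ext not in COMMON_EXTS and n >= min_files:
                hits[dirpath] = (ext, n)
    return hits


def build_sample_tree():
    """Create a constructed tree mirroring the report's note locations."""
    root = Path(tempfile.mkdtemp(prefix="avaddon_triage_"))
    # Constructed note body; only the URL is taken from the report.
    note = ("All your files have been encrypted.\n"
            "Contact: http://avaddonbotrxmuyl.onion\n")
    for sub, note_name in [("Desktop", "KlroT_readme_.txt"),
                           ("Downloads", "KlroT_readme_.txt"),
                           ("Favorites", "t0nyiwa_readme_.txt")]:
        d = root / sub
        d.mkdir()
        (d / note_name).write_text(note)
    # Hypothetical encrypted documents: original name plus an appended
    # ".locked" suffix (the real suffix is not recorded in the report).
    for name in ("budget.xlsx", "notes.docx", "scan.pdf"):
        (root / "Desktop" / f"{name}.locked").write_bytes(b"\x00" * 16)
    # An untouched file elsewhere, so only Desktop should be flagged.
    (root / "Downloads" / "setup.pdf").write_bytes(b"%PDF-1.4")
    return root


def triage(root):
    """Run both checks and return their results together."""
    return {"notes": find_ransom_notes(root),
            "ext_hits": suspicious_extensions(root)}


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for path, urls in result["notes"].items():
        print(f"note {path}: {', '.join(urls) or 'no onion URL'}")
    for d, (ext, n) in result["ext_hits"].items():
        print(f"{n} files with uncommon extension {ext} in {d}")
```

Point `triage()` at a mounted image or a user profile instead of the constructed tree to use it for real; the extension check is deliberately generic because the report only establishes that extensions change, not what they change to.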