General
-
Target
svchosts.exe
-
Size
13KB
-
Sample
210610-9aj6xcwssa
-
MD5
43859f9a480451304b2efb0e2bc5ba72
-
SHA1
c05a69cfa4bede3a58f48ff09de4f49aa988faee
-
SHA256
17ba67b2b5ec20c5fec06a580e293eefc665fc89f8bfc00d6b9b715bffa2d845
-
SHA512
22e3da706a0b5e4e360c97f3bc80c4ab55e4ffff62aab92adc13e5c2ee2d06f93178504049a3a620a88d30c57b7cf3a53c9ef9166804a1115c4b821f9d092afe
Static task
static1
Behavioral task
behavioral1
Sample
svchosts.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
svchosts.exe
Resource
win10v20210408
Malware Config
Extracted
C:\$Recycle.Bin\S-1-5-21-2513283230-931923277-594887482-1000\#Decrypt#.txt
https://icq.com/windows/
https://icq.im/xhamster2020
Extracted
C:\$Recycle.Bin\S-1-5-21-1594587808-2047097707-2163810515-1000\#Decrypt#.txt
https://icq.com/windows/
https://icq.im/xhamster2020
Targets
-
-
Target
svchosts.exe
-
Size
13KB
-
MD5
43859f9a480451304b2efb0e2bc5ba72
-
SHA1
c05a69cfa4bede3a58f48ff09de4f49aa988faee
-
SHA256
17ba67b2b5ec20c5fec06a580e293eefc665fc89f8bfc00d6b9b715bffa2d845
-
SHA512
22e3da706a0b5e4e360c97f3bc80c4ab55e4ffff62aab92adc13e5c2ee2d06f93178504049a3a620a88d30c57b7cf3a53c9ef9166804a1115c4b821f9d092afe
Score10/10-
Modifies boot configuration data using bcdedit
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops startup file
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-