General
-
Target
6408692395966464.zip
-
Size
11.9MB
-
Sample
210618-wkcp54d48n
-
MD5
d0c9e4a15e172272d05bcfec4bab7764
-
SHA1
b02c9e876a0b84c17ca098c18e46b79962c8a73a
-
SHA256
a1fae764f4d282fd761c88399668c2d89435b102a53559e5ef686cce82b11a9f
-
SHA512
6c9b230b553012da684e594ebf461ca7c2729a222edaf4b9c9aca1b905f3bb9cbaead383b90bb56e89e969004c98edfe4b1463fc3c8e8bd40b8ffe514a174b89
Static task
static1
Behavioral task
behavioral1
Sample
b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f.exe
Resource
win10v20210408
Malware Config
Extracted
C:\decrypt_file.TxT
support_blackkingdom2@protonmail.com
1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT
Targets
-
Target
b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f
-
Size
12.2MB
-
MD5
f8b604ca7aa304a479f2461d1b74e795
-
SHA1
0539c6df68e9ef15cbfa1f07daca8fd759fef874
-
SHA256
b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f
-
SHA512
45584e50e87cacc8b3853402a77b8e882a2de3d9d1a2de6d1a23684a95a656e5bd32055ead030ae157d116b48aad5dc75e24a1cfddfaf08b3913435954c83e68
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-