General
-
Target
ransom.exe
-
Size
1.3MB
-
Sample
210705-r59721xcmx
-
MD5
cafcd59a669cfb2c981fcb8b58d0d1aa
-
SHA1
e306781f95a37b5305a462b6f67611af2b776541
-
SHA256
49921fa466e1dc65ea6c037726015a69c634fc1631a2e379bfb3d7cf7644bcad
-
SHA512
a5b67b248e2d314599d53e7134fe8cb32c782517c95c98572c979242bfcdb0aa5fb862bcee34de31cc39ced596ff107f4a5a9b1161a08755431f708c9e9a5a08
Static task
static1
Behavioral task
behavioral1
Sample
ransom.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
ransom.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
ransom.exe
-
Size
1.3MB
-
MD5
cafcd59a669cfb2c981fcb8b58d0d1aa
-
SHA1
e306781f95a37b5305a462b6f67611af2b776541
-
SHA256
49921fa466e1dc65ea6c037726015a69c634fc1631a2e379bfb3d7cf7644bcad
-
SHA512
a5b67b248e2d314599d53e7134fe8cb32c782517c95c98572c979242bfcdb0aa5fb862bcee34de31cc39ced596ff107f4a5a9b1161a08755431f708c9e9a5a08
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-