General
Target: 04c4e2ad0699cc27f79c0b4f62a12ce8514aea55e5737628de293d81846cf7c5.sample
Size: 1.1MB
Sample: 210726-1s3kqzygl6
MD5: 44ff529219044aea635985dbb98b63f1
SHA1: b82193412b1cd9cb59d9bbaf30145cbdfb75b6b4
SHA256: 04c4e2ad0699cc27f79c0b4f62a12ce8514aea55e5737628de293d81846cf7c5
SHA512: 7b60a6038d5045821d019ce0368e604946a699c7d530277a9a08272f6e19e6cd97c20edf6c4263e0d125230dd486dc4a3128c8edc5e3bb65bb5a211b63ec9db3
Static task: static1
Behavioral task: behavioral1
  Sample: 04c4e2ad0699cc27f79c0b4f62a12ce8514aea55e5737628de293d81846cf7c5.sample.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 04c4e2ad0699cc27f79c0b4f62a12ce8514aea55e5737628de293d81846cf7c5.sample.exe
  Resource: win10v20210408
Malware Config
Extracted from C:\README1.txt through C:\README10.txt (ten ransom notes with identical contents):
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
The second and third URLs are Tor2web-style clearnet gateways (.onion.to, .onion.cab) for the same hidden service as the first; all three resolve to one operator address, cryptsen7fo43rr6.onion, and the e-mail address is the only other contact channel in the notes.
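The ten notes carry one e-mail address and one hidden service that is reachable through three URLs. As an added example, not part of the sandbox report, the following Python extracts those indicators from note text and canonicalises them so the .onion.to and .onion.cab gateway links collapse to the same .onion address, then counts how many notes each indicator appeared in. The note bodies are constructed for the example (only the e-mail address and the three URLs come from the report), and the function names are this example's own.

```python
import re
from collections import Counter

# Ransom-note body CONSTRUCTED for this example: only the e-mail address and the
# three URLs are taken from the sandbox report; the surrounding text is placeholder.
NOTE_BODY = """
All your files have been encrypted.
Contact: pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
"""
# The report lists ten notes, C:\README1.txt .. C:\README10.txt, with identical contents.
NOTES = {rf"C:\README{i}.txt": NOTE_BODY for i in range(1, 11)}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# v2 onion names are 16 base32 characters, v3 names are 56. An optional clearnet
# gateway suffix (.to, .cab, ...) is accepted so proxied links map to the same service.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion(?:\.[a-z]{2,5})?\b", re.I)


def extract_iocs(text):
    """Return (emails, onion_addresses) found in one note, lower-cased and canonicalised."""
    emails = {m.lower() for m in EMAIL_RE.findall(text)}
    onions = {m.lower() + ".onion" for m in ONION_RE.findall(text)}
    return emails, onions


def summarise_notes(notes):
    """Aggregate IOCs across all notes; values are the number of notes each indicator appeared in."""
    email_hits, onion_hits = Counter(), Counter()
    for body in notes.values():
        emails, onions = extract_iocs(body)
        email_hits.update(emails)
        onion_hits.update(onions)
    return {"emails": dict(email_hits), "onions": dict(onion_hits), "note_count": len(notes)}


if __name__ == "__main__":
    print(summarise_notes(NOTES))
```

Because the gateway domains are folded into the hidden-service name, a blocklist built from `summarise_notes` contains one onion address rather than three URL variants, and any further Tor2web mirror of the same service matches without a new rule.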
Targets
Target: 04c4e2ad0699cc27f79c0b4f62a12ce8514aea55e5737628de293d81846cf7c5.sample (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Adds Run key to start application: a Run key entry relaunches the program at each logon (persistence).
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service.
- Sets desktop wallpaper using registry: writes the wallpaper path to the registry, typically the Wallpaper value under HKCU\Control Panel\Desktop.
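The signatures above are behavioural rules evaluated over the sandbox's event stream. As an added example, not from the sandbox vendor or the report, the following Python applies equivalent rules to constructed event records (registry writes, registry reads, HTTP requests and file renames). Every path and file name, the .locked suffix, the IP-lookup host watchlist and the two thresholds are assumptions for illustration: the report names neither the extension the sample appends nor the IP service it contacts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# CONSTRUCTED sandbox-style events, not taken from the report: (event_type, detail).
# Registry paths, program names, file names and the ".locked" suffix are placeholders.
EVENTS = [
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost_upd = C:\Users\user\AppData\Roaming\svchost_upd.exe"),
    ("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    ("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName"),
    ("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player\DisplayName"),
    ("http_get", "http://api.ipify.org/"),
    ("reg_set", r"HKCU\Control Panel\Desktop\Wallpaper = C:\Users\user\AppData\Local\Temp\wall.bmp"),
] + [
    ("file_rename", rf"C:\Users\user\Documents\doc{i}.docx -> C:\Users\user\Documents\doc{i}.docx.locked")
    for i in range(6)
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper\b", re.I)
RENAME_RE = re.compile(r"^(.*) -> (.*)$")
# Watchlist of public IP-echo services. The report does not say which service the sample
# used; this list is an assumption that only illustrates the check.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com"}
MIN_UNINSTALL_KEYS = 3   # a single Uninstall read is benign; several distinct keys is enumeration
MIN_RENAMED_FILES = 5    # several files gaining the same new extension is the ransomware pattern


def detect_behaviours(events):
    """Map signature name -> evidence, using the same five rules the report lists."""
    hits = defaultdict(list)
    uninstall_keys = set()
    new_exts = defaultdict(set)  # appended extension -> original paths that received it
    for kind, detail in events:
        if kind == "reg_set" and RUN_KEY_RE.search(detail):
            hits["Adds Run key to start application"].append(detail)
        elif kind == "reg_set" and WALLPAPER_RE.search(detail):
            hits["Sets desktop wallpaper using registry"].append(detail)
        elif kind == "reg_query":
            m = UNINSTALL_RE.search(detail)
            if m:
                uninstall_keys.add(m.group(1).lower())
        elif kind == "http_get":
            host = (urlsplit(detail).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(detail)
        elif kind == "file_rename":
            m = RENAME_RE.match(detail)
            if m:
                src, dst = m.group(1), m.group(2)
                # "name.ext -> name.ext.<new>": the original path survives as a prefix
                if dst.lower().startswith(src.lower() + "."):
                    new_exts[dst[len(src):].lower()].add(src)
    if len(uninstall_keys) >= MIN_UNINSTALL_KEYS:
        hits["Checks installed software on the system"] = sorted(uninstall_keys)
    for ext, files in new_exts.items():
        if len(files) >= MIN_RENAMED_FILES:
            hits["Modifies extensions of user files"].append(f"{len(files)} files renamed to *{ext}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect_behaviours(EVENTS).items():
        print(name, "->", evidence)
```

The two thresholds are what keep the rules from firing on ordinary software: installers read a handful of Uninstall keys and users rename the odd file, so the Uninstall and extension rules only trigger on volume, while a Run key write, a wallpaper write and a request to an IP-echo host are reported on first sight.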