General
Target: 10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample
Size: 61KB
Sample: 210726-7kdxb4j7ve
MD5: 2a66b3b2638dfc5dfcf8aaf825993269
SHA1: 4e04822d6b8c3087be0550dba96f0c80d84359f8
SHA256: 10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5
SHA512: 1d63645dc8564057367ed295cb56b0aebdb071b652786d67ae2d9fc0371a034231ace703001bc353b303000fde0c6f9774a120ace83b665964278f8e7127c435
Static task: static1
Behavioral task: behavioral1
Sample: 10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample.exe
Resource: win10v20210408
Malware Config
Extracted from: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
Family: hakbit
Emails: torsec1@secmail.pro, agarrard@protonmail.com
Targets
Target: 10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample
Score: 10/10
Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
Deletes itself
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
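The three behavioural signatures above are what a sandbox derives from hooked API calls. The following is an added re-implementation of that logic (it is not the sandbox's own signature code and does not come from this report), run over a constructed trace in a simplified "api, path, target" form. The trace, the ".locked" suffix, the drive letters and the five-file threshold are placeholders chosen for the example, not observations about this sample.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Event:
    """One hooked API call from a (constructed) behavioural trace."""
    api: str          # hooked Win32 API name
    path: str         # first path (or command line) argument
    target: str = ""  # destination path for rename/move APIs


USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^([a-z]:\\)\*?$", re.IGNORECASE)   # "D:\" or "D:\*"
RENAME_APIS = {"MoveFileW", "MoveFileExW", "MoveFileWithProgressW"}
ENUM_APIS = {"FindFirstFileW", "FindFirstFileExW", "GetVolumeInformationW", "GetDriveTypeW"}
DELETE_APIS = {"DeleteFileW", "NtDeleteFile"}


def modifies_user_file_extensions(events, threshold=5):
    """'Modifies extensions of user files': a rename inside a user profile whose
    new name carries a different extension; fires once `threshold` files are hit."""
    renamed = 0
    for ev in events:
        if ev.api not in RENAME_APIS or not USER_PROFILE.match(ev.path):
            continue
        if PureWindowsPath(ev.path).suffix.lower() != PureWindowsPath(ev.target).suffix.lower():
            renamed += 1
    return renamed >= threshold


def enumerates_connected_drives(events):
    """'Enumerates connected drives': drive roots touched other than C:\\ (sorted)."""
    roots = set()
    for ev in events:
        m = DRIVE_ROOT.match(ev.path)
        if ev.api in ENUM_APIS and m:
            roots.add(m.group(1).upper())
    roots.discard("C:\\")
    return sorted(roots)


def deletes_itself(events, sample_path):
    """'Deletes itself': a direct delete of the sample, or a spawned command line
    (cmd.exe /c ... del ...) that names the sample's own path."""
    needle = sample_path.lower()
    for ev in events:
        arg = ev.path.lower()
        if ev.api in DELETE_APIS and arg == needle:
            return True
        if ev.api == "CreateProcessW" and "del " in arg and needle in arg:
            return True
    return False


def evaluate(events, sample_path):
    """Map each signature name from the report to whether the trace triggers it."""
    return {
        "Modifies extensions of user files": modifies_user_file_extensions(events),
        "Deletes itself": deletes_itself(events, sample_path),
        "Enumerates connected drives": bool(enumerates_connected_drives(events)),
    }


# Constructed trace (not sandbox output). The ".locked" suffix and the drive
# letters are placeholders, not claims about this sample.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
TRACE = [
    Event("GetVolumeInformationW", "C:\\"),
    Event("GetVolumeInformationW", "D:\\"),
    Event("FindFirstFileW", "E:\\*"),
    Event("CreateFileW", r"C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt"),
    # a rename outside any user profile does not count towards the signature
    Event("MoveFileExW", r"C:\Windows\Temp\a.tmp", r"C:\Windows\Temp\a.tmp.bak"),
    Event("CreateProcessW", f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE_PATH}"'),
] + [
    Event("MoveFileExW",
          rf"C:\Users\Admin\Documents\report{i}.docx",
          rf"C:\Users\Admin\Documents\report{i}.docx.locked")
    for i in range(6)
]

if __name__ == "__main__":
    for name, hit in evaluate(TRACE, SAMPLE_PATH).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

The threshold on renames is what separates a ransomware run from a legitimate editor saving one file with a new suffix; the drive-root check deliberately ignores C:\ because every process touches the system drive, so only additional roots are evidence of enumeration.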
MITRE ATT&CK Matrix (count of matching signatures per technique)
Collection: Data from Local System (1)
Credential Access: Credentials in Files (1)
Defense Evasion: File Deletion (2)
Discovery: Query Registry (1), System Information Discovery (2), Peripheral Device Discovery (1)
No techniques observed: Command and Control, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation