General
-
Target
059dd7e81265ce033d71a4cfb42549af473d70c5a8d50bc55e741f413b6e94e5.sample
-
Size
28KB
-
Sample
210726-7rrl7amx2a
-
MD5
90cd7b4a952a6c929bd006f74125fb8c
-
SHA1
827e2e64857d77c18d26980a69ab54683ec6e7de
-
SHA256
059dd7e81265ce033d71a4cfb42549af473d70c5a8d50bc55e741f413b6e94e5
-
SHA512
3e8a6bf872900f8b2cdb395aa71ada4d7999e5e2f9717d5761c26fee41f8d686e8d171e210f2f4e2535eedcd9122e1e7ab5c31ead255c6950ed0f99d8b040a73
Static task
static1
Behavioral task
behavioral1
Sample
059dd7e81265ce033d71a4cfb42549af473d70c5a8d50bc55e741f413b6e94e5.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
059dd7e81265ce033d71a4cfb42549af473d70c5a8d50bc55e741f413b6e94e5.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\[HOW TO RECOVER FILES].TXT
prolock
support981723721@protonmail.com
http://msaoyrayohnp32tcgwcanhjouetb5k54aekgnwg7dcvtgtecpumrxpqd.onion
Targets
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-