General

Target: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size: 416KB
Sample: 210726-dkhgywvv6j
MD5: 21fa6ebdd397f14bbb68a4e3d012467e
SHA1: 0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512: 368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66
Static task: static1

Behavioral task: behavioral1
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win10v20210410
Malware Config

Extracted from: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
Family: hakbit
Email: clearcuMc04997@gmail.com
Wallet: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9
Targets

Target: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size: 416KB
MD5: 21fa6ebdd397f14bbb68a4e3d012467e
SHA1: 0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512: 368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66
- Disables Task Manager via registry modification
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
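The following is an added example for working with this report, not code from the sandbox or from the sample. It verifies a file on disk against the hashes listed above, pulls the contact e-mail and wallet out of a ransom note of the kind extracted from HELP_ME_RECOVER_MY_FILES.txt, and maps sandbox-style event records onto the four behaviour signatures listed. Assumptions not stated on the page: the Task Manager lockout is the standard DisableTaskMgr policy value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System (the report does not name the key), and the event records, the process image path, the note text and the ".crypted" extension are constructed for the example.

```python
"""Triage helpers around the behaviours and indicators listed in this report.

Added example, not code from the sandbox or the sample. Assumptions not on
the report page: the Task Manager lockout is the standard DisableTaskMgr
policy value under HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System;
the event records, image path, note text and ".crypted" extension are constructed.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Hashes as listed on the report, used to confirm a file on disk is the
# same object the report describes.
REPORT_HASHES = {
    "md5": "21fa6ebdd397f14bbb68a4e3d012467e",
    "sha1": "0ecff2f818565e7eb28d3a7b7d295459a868e920",
    "sha256": "81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e",
}


def hash_bytes(data: bytes) -> dict:
    """Digests in the same four algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every hash in `expected` agrees; one mismatch means a different file."""
    got = hash_bytes(data)
    return all(got[alg] == digest.lower() for alg, digest in expected.items())


# Indicators from a ransom note: contact e-mail and legacy (1.../3...) Bitcoin
# addresses in the base58 alphabet (no 0, O, I, l). Structural match only,
# no base58check checksum verification.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def extract_note_indicators(note_text: str) -> dict:
    return {
        "emails": sorted(set(EMAIL_RE.findall(note_text))),
        "wallets": sorted(set(BTC_RE.findall(note_text))),
    }


# Constructed note text; the address and e-mail are the ones the report extracted.
SAMPLE_NOTE = (
    "All your files have been encrypted.\n"
    "To recover them send payment to 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9\n"
    "and write to clearcuMc04997@gmail.com with your ID.\n"
)


def classify_events(events: list) -> set:
    """Map sandbox-style event records onto the four behaviour signatures in the report."""
    hits = set()
    for ev in events:
        kind = ev["type"]
        if (kind == "reg_set"
                and ev["key"].lower().endswith("\\policies\\system")
                and ev["value"].lower() == "disabletaskmgr"
                and ev["data"] == 1):
            hits.add("Disables Task Manager via registry modification")
        elif kind == "file_rename":
            src, dst = PureWindowsPath(ev["src"]), PureWindowsPath(ev["dst"])
            # Original name kept and a new extension appended: encrypt-and-rename pattern.
            if dst.name.startswith(src.name) and dst.suffix != src.suffix:
                hits.add("Modifies extensions of user files")
        elif kind == "file_delete" and ev["path"].lower() == ev["process"].lower():
            hits.add("Deletes itself")
        elif kind == "file_open" and re.fullmatch(r"[D-Zd-z]:\\", ev["path"]):
            # Root of a drive other than C:, as the report's description says.
            hits.add("Enumerates connected drives")
    return hits


IMAGE = r"C:\Users\Admin\Desktop\sample.exe"  # constructed image path

SAMPLE_EVENTS = [  # constructed records, not taken from the sandbox run
    {"type": "reg_set", "process": IMAGE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "DisableTaskMgr", "data": 1},
    {"type": "file_rename", "process": IMAGE,
     "src": r"C:\Users\Admin\Documents\budget.xlsx",
     "dst": r"C:\Users\Admin\Documents\budget.xlsx.crypted"},
    {"type": "file_open", "process": IMAGE, "path": "C:\\"},
    {"type": "file_open", "process": IMAGE, "path": "D:\\"},
    {"type": "file_delete", "process": IMAGE, "path": IMAGE},
]

if __name__ == "__main__":
    print(extract_note_indicators(SAMPLE_NOTE))
    print(sorted(classify_events(SAMPLE_EVENTS)))
    print(matches_report(b"not the sample"))
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `matches_report`; all three listed digests must agree before treating it as the same sample. The `C:\` open is deliberately left out of the drive-enumeration hit because the report's description scopes that signature to drives other than the default one.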
MITRE ATT&CK Matrix

Tactic: techniques (signature count)
Collection: Data from Local System (1)
Command and Control: none
Credential Access: Credentials in Files (1)
Discovery: Query Registry (1); System Information Discovery (2); Peripheral Device Discovery (1)
Execution: none
Exfiltration: none
Initial Access: none
Lateral Movement: none
Persistence: Modify Existing Service (1)
Privilege Escalation: none