General
Target: 23d7693284e90b752d40f8c0c9ab22da45f7fe3219401f1209c89ac98a4d7ed3.sample
Size: 57KB
Sample: 210726-h5npgv2nws
MD5: d38f63c08174dba2225a8c8293e4fd8b
SHA1: 4c6e634075781724cba954a76d1d831d077b7257
SHA256: 23d7693284e90b752d40f8c0c9ab22da45f7fe3219401f1209c89ac98a4d7ed3
SHA512: 24c79e1e179983589296b5c5e131e1d32b103beabf48d7fb643738f833e8072fd14840239f261357d6731f9d7916aae5c95f02d94a603039684e0bfd4a8333c8
Static task: static1
Behavioral task: behavioral1
  Sample: 23d7693284e90b752d40f8c0c9ab22da45f7fe3219401f1209c89ac98a4d7ed3.sample.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 23d7693284e90b752d40f8c0c9ab22da45f7fe3219401f1209c89ac98a4d7ed3.sample.exe
  Resource: win10v20210408
Malware Config
Extracted
  Ransom note: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
  Email: recoba90@protonmail.com
  Bitcoin address: 32bzWrWXXbWGSwB4gGTQt8RdzuNQVaS9Md
Extracted
  Protocol: ftp
  Host: files.000webhost.com
  Port: 21
  Username: recoba90
Targets
Target: 23d7693284e90b752d40f8c0c9ab22da45f7fe3219401f1209c89ac98a4d7ed3.sample
Score: 10/10
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.