General
Target: 4e6c191325b37da546e72f4a7334d820995d744bf7bb1a03605adb3ad30ce9ca.sample
Size: 17KB
Sample: 210726-yvsrjmhmbs
MD5: 16a29314e8563135b18668036a6f63c8
SHA1: 90cf5ca4df9d78cf92bb865b5b399a4d2752e55b
SHA256: 4e6c191325b37da546e72f4a7334d820995d744bf7bb1a03605adb3ad30ce9ca
SHA512: 45c023e6dd4202079e913b8946825b47fab30b584bbd79b0416152cc4a54975b12205393827289c1f03feb71b54d3b6b34490be3001e9b565c1f89e13e752032
Static task: static1
Behavioral task: behavioral1
  Sample: 4e6c191325b37da546e72f4a7334d820995d744bf7bb1a03605adb3ad30ce9ca.sample.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 4e6c191325b37da546e72f4a7334d820995d744bf7bb1a03605adb3ad30ce9ca.sample.exe
  Resource: win10v20210408
Malware Config
Extracted
Ransom note: C:\H0w_T0_Rec0very_Files.txt
Email: help0f0ry0u@protonmail.com
URL: http://ax3spapdymip4jpy.onion
Targets
Target: 4e6c191325b37da546e72f4a7334d820995d744bf7bb1a03605adb3ad30ce9ca.sample (the file described under General; same size and hashes)
Score: 10/10
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Drops desktop.ini file(s)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
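The four signatures above are behavioural heuristics over the sandbox's file-system trace. As an added example, not the sandbox's own signature code, the following Python runs equivalent checks over a constructed Procmon-style event list: a non-C: drive root being read, a desktop.ini being created, many user files renamed to a different extension, and a process deleting its own image. The event format, process IDs and paths, the `rename_threshold` of 10 and the `\Users\` rule for what counts as a "user file" are all assumptions of this example.

```python
"""Added example (not the sandbox's signature engine): apply the four
behavioural checks from the report to a constructed Procmon-style event list.
Event layout, PIDs, paths and thresholds are assumptions of this example."""
import ntpath  # handles backslash paths correctly even when run on Linux/macOS
import re
from collections import defaultdict

# Root of any fixed drive other than C:, e.g. "D:\" (signature: enumerates connected drives).
NON_C_ROOT = re.compile(r"^[A-BD-Z]:\\$", re.IGNORECASE)
# Assumption: anything under a \Users\ profile counts as a "user file".
USER_DIR_MARKER = "\\users\\"


def ev(pid, image, op, path, new_path=None):
    """One constructed event: process id, process image, operation, path(s)."""
    return {"pid": pid, "image": image, "op": op, "path": path, "new_path": new_path}


# Constructed trace (not from the report): pid 1200 behaves like the sample,
# pid 4000 is benign explorer.exe activity that must not trigger anything.
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    ev(1200, SAMPLE, "QueryDirectory", "D:\\"),
    ev(1200, SAMPLE, "QueryDirectory", "E:\\"),
    ev(1200, SAMPLE, "CreateFile", r"C:\Users\victim\Documents\desktop.ini"),
    ev(1200, SAMPLE, "SetDispositionInformationFile", SAMPLE),
    ev(4000, EXPLORER, "QueryDirectory", "C:\\"),
    ev(4000, EXPLORER, "SetRenameInformationFile",
       r"C:\Users\victim\Desktop\a.txt", r"C:\Users\victim\Desktop\b.txt"),
] + [
    ev(1200, SAMPLE, "SetRenameInformationFile",
       rf"C:\Users\victim\Documents\report{i}.docx",
       rf"C:\Users\victim\Documents\report{i}.docx.locked")
    for i in range(12)
]


def analyze(events, rename_threshold=10):
    """Return {pid: set of signature names} for every process that fires one."""
    sigs = defaultdict(set)
    ext_changes = defaultdict(set)  # pid -> user files renamed to a new extension
    for e in events:
        pid, op, path = e["pid"], e["op"], e["path"]
        if op in ("CreateFile", "QueryDirectory") and NON_C_ROOT.match(path):
            sigs[pid].add("Enumerates connected drives")
        if op == "CreateFile" and ntpath.basename(path).lower() == "desktop.ini":
            sigs[pid].add("Drops desktop.ini file(s)")
        if op == "SetRenameInformationFile":
            old_ext = ntpath.splitext(path)[1].lower()
            new_ext = ntpath.splitext(e["new_path"])[1].lower()
            if old_ext != new_ext and USER_DIR_MARKER in path.lower():
                ext_changes[pid].add(path)
        # Self-deletion: the process marks its own image for deletion. Real samples
        # often do this through a child cmd.exe, so a production rule would also
        # compare against the parent's image path.
        if op == "SetDispositionInformationFile" and path.lower() == e["image"].lower():
            sigs[pid].add("Deletes itself")
    for pid, paths in ext_changes.items():
        if len(paths) >= rename_threshold:
            sigs[pid].add("Modifies extensions of user files")
    return dict(sigs)


if __name__ == "__main__":
    for pid, names in analyze(EVENTS).items():
        print(pid, sorted(names))
```

The rename threshold is what keeps a single user-initiated rename from scoring; lowering it trades false positives for earlier detection, and a time-windowed version of the same count is what most EDR rules use.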