General
-
Target
09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample
-
Size
3.7MB
-
Sample
210726-zymwj9gaca
-
MD5
d659325ea3491708820a2beffe9362b8
-
SHA1
6e7f725401c33332beb2383a6802a7e4b2db30a9
-
SHA256
09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138
-
SHA512
958f4a72530703131be2f25dc906ab7fc8ee174e9cbd13f9c976af7e986593b56a768e0413e6a85d06f2bdc057ac7d9617f6c25cbf8f13cc2f8348bcf441eeb5
Static task
static1
Behavioral task
behavioral1
Sample
09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\Users\Public\Desktop\Decrypt-Your-Files.txt
alfredmir@protonmail.com
Targets
-
Target
09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample
-
Score
10/10
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-