General
-
Target
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
-
Size
75KB
-
Sample
210831-kk3zw312ws
-
MD5
98b04a1cfdf18674315ec137733553a7
-
SHA1
dd1cdb8782b5e08695b006393d1e8ab4e447556e
-
SHA256
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
-
SHA512
3c5d9884a922b4b974c3dbd0e6f73292b7bfa761a1e50cfb1af07752261cf1a8ea2520a13f28f7040d788bff3837c62c7a6595f03b1c1be5f8d4ea9848f09cb5
Static task
static1
Behavioral task
behavioral1
Sample
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Documents and Settings\How To Restore Your Files.txt
http://gtmx56k4hutn3ikv.onion/blog/ff6b763849c49971c7ef8508064a3d8681529c7f45e532ff9e3d9ec13165263b/
http://gtmx56k4hutn3ikv.onion/
http://babukq4e2p4wu4iq.onion/login.php?id=l6Kr29xLbfnq1f0jzES55LLmmrZPd8
Targets
-
-
Target
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
-
Size
75KB
-
MD5
98b04a1cfdf18674315ec137733553a7
-
SHA1
dd1cdb8782b5e08695b006393d1e8ab4e447556e
-
SHA256
391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
-
SHA512
3c5d9884a922b4b974c3dbd0e6f73292b7bfa761a1e50cfb1af07752261cf1a8ea2520a13f28f7040d788bff3837c62c7a6595f03b1c1be5f8d4ea9848f09cb5
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-