General
-
Target
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked
-
Size
997KB
-
Sample
210902-d4lc7vfawx
-
MD5
ba454585b9f42c7254c931c192556e08
-
SHA1
0b530303634283a43d53abd9190106869f57ba5a
-
SHA256
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa
-
SHA512
2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b
Static task
static1
Behavioral task
behavioral1
Sample
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked.exe
Resource
win10-en
Malware Config
Targets
-
-
Target
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked
-
Size
997KB
-
MD5
ba454585b9f42c7254c931c192556e08
-
SHA1
0b530303634283a43d53abd9190106869f57ba5a
-
SHA256
26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa
-
SHA512
2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-