General
-
Target
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
Size
994KB
-
Sample
210909-n47pjabcdq
-
MD5
bfed6debcd8c3dbf8ea21655247ed3f0
-
SHA1
2b05bc9c9a14e3f9db8e758b2f5fa060857499bf
-
SHA256
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
SHA512
73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28
Static task
static1
Behavioral task
behavioral1
Sample
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3.exe
Resource
win10-en
Malware Config
Targets
-
-
Target
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
Size
994KB
-
MD5
bfed6debcd8c3dbf8ea21655247ed3f0
-
SHA1
2b05bc9c9a14e3f9db8e758b2f5fa060857499bf
-
SHA256
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
SHA512
73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-