General
-
Target
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4
-
Size
1.4MB
-
Sample
210922-r1zrasffan
-
MD5
19a869e05e196f29fa3dd1b43a7e70e7
-
SHA1
912d229e8175863a2794c2312dfb785f20772ccd
-
SHA256
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4
-
SHA512
cc5f97e114a379471b7263be929856e27b3705a0ab73abb9043f5412905a53bd591371eed55409300efc20b4c8d72882335a1ca2af7965fe8bf0af5c62222503
Static task
static1
Behavioral task
behavioral1
Sample
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4.exe
Resource
win10v20210408
Malware Config
Extracted
C:\README1.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README2.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README3.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README4.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README5.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README6.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README7.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README8.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README9.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README10.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
-
-
Target
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4
-
Size
1.4MB
-
MD5
19a869e05e196f29fa3dd1b43a7e70e7
-
SHA1
912d229e8175863a2794c2312dfb785f20772ccd
-
SHA256
058499891d9c3fa31f1d45e7965786c17984d0394cf8db77a18f2947653ff6c4
-
SHA512
cc5f97e114a379471b7263be929856e27b3705a0ab73abb9043f5412905a53bd591371eed55409300efc20b4c8d72882335a1ca2af7965fe8bf0af5c62222503
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Sets desktop wallpaper using registry
-