General
- Target: 801fc7cfb15d34805610093de83b9eee582d882907f2544ff6afec9fb70f2bbc
- Size: 693KB
- Sample: 210926-n7j3msegh7
- MD5: 2bd754f7114cbc3ec492d50b9ab27f9f
- SHA1: f18fa720928f1e317f1683cd2d9bfc830fe19707
- SHA256: 801fc7cfb15d34805610093de83b9eee582d882907f2544ff6afec9fb70f2bbc
- SHA512: 9a0a43be2214f099aaca7f8682622d65b4fe542f2acd8b3c5601bf79f92508b530ce2e3f9244588704f0765f25445139ffd67e82c928d962a4bc452cdea9daac
Static task
static1
Behavioral task
behavioral1
- Sample: 801fc7cfb15d34805610093de83b9eee582d882907f2544ff6afec9fb70f2bbc.exe
- Resource: win10v20210408
Malware Config
Targets
- Target: 801fc7cfb15d34805610093de83b9eee582d882907f2544ff6afec9fb70f2bbc
- Size: 693KB
- MD5: 2bd754f7114cbc3ec492d50b9ab27f9f
- SHA1: f18fa720928f1e317f1683cd2d9bfc830fe19707
- SHA256: 801fc7cfb15d34805610093de83b9eee582d882907f2544ff6afec9fb70f2bbc
- SHA512: 9a0a43be2214f099aaca7f8682622d65b4fe542f2acd8b3c5601bf79f92508b530ce2e3f9244588704f0765f25445139ffd67e82c928d962a4bc452cdea9daac
- Detected Djvu ransomware
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext