General
Target: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9
Size: 1.2MB
Sample: 210930-jjrelaghf2
MD5: 7f344e3343e22d6dae8c81c29b9a661c
SHA1: 603535d0a26a21efa479024855cee182d4f858d8
SHA256: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9
SHA512: c0141a1c52b03b6c427960d146e517484380c3e7417ebeb14e4c6cf1e8b82cadd745c5cdb9307b8fc3d188e0f0dfe953f6a664e3c220368a20e12cadc5fd9707
Static task: static1
Behavioral task: behavioral1
Sample: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9.exe
Resource: win10v20210408
Malware Config
Extracted: C:\README1.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README2.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README3.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README4.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README5.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README6.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README7.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README8.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README9.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README10.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
Target: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9
Size: 1.2MB
MD5: 7f344e3343e22d6dae8c81c29b9a661c
SHA1: 603535d0a26a21efa479024855cee182d4f858d8
SHA256: 62230c1651781d4ab7234fe6d747dc6cc79c1381f4ee15a84cf9a2176dcdc5d9
SHA512: c0141a1c52b03b6c427960d146e517484380c3e7417ebeb14e4c6cf1e8b82cadd745c5cdb9307b8fc3d188e0f0dfe953f6a664e3c220368a20e12cadc5fd9707
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.