General
- Target: daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e
- Size: 45KB
- Sample: 211019-e79tmafca7
- MD5: 291bea114eb566d39f69d8c2af059548
- SHA1: 5a9fd8d8a1aa9e9ea1e6a01a55808b1040fae01a
- SHA256: daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e
- SHA512: e1df169940c3024bf20623088bfc5eb1c2b46763c247731a4a9b40770b37a2eb3dd7fc9246fe05337565676d1029e7236caa5876efe8576c6d58929a42e1b725
Static task: static1
Behavioral task: behavioral1
- Sample: daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e.exe
- Resource: win10-en-20210920
Malware Config
Extracted from: C:\read-me.txt
- http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
- http://helpqvrg3cc5mvb3.onion/
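The two Tor addresses above are the only network indicators the sandbox recovered from the dropped ransom note. As an added example (not part of the report or the sample), the script below pulls .onion URLs out of ransom-note text, tells a 16-character v2 address from a 56-character v3 address, checks that a v3 address carries the version byte 0x03 and a valid checksum as defined in Tor's rend-spec-v3 (SHA3-256(".onion checksum" || pubkey || version)[:2]), and isolates the query string, which in the first URL is the per-victim or per-campaign token. The note body is constructed for the example; only the two URLs come from the report.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Constructed ransom-note body; only the two URLs are taken from the report's Malware Config.
SAMPLE_NOTE = """Your files have been encrypted.
Open Tor Browser and visit:
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
Backup address: http://helpqvrg3cc5mvb3.onion/
"""

# v2 labels are 16 base32 characters, v3 labels are 56; the base32 alphabet is a-z and 2-7.
ONION_RE = re.compile(
    r"(?<![a-z2-7.])(?:https?://)?(?P<host>(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion)"
    r"(?P<path>/[^\s\"'<>]*)?",
    re.IGNORECASE,
)


def onion_version(label):
    """Return 2 for a v2 label, 3 for a v3 label whose embedded version byte is 3, else None."""
    if len(label) == 16:
        return 2
    if len(label) == 56:
        # 56 base32 chars decode to 35 bytes: pubkey(32) | checksum(2) | version(1)
        raw = base64.b32decode(label.upper())
        return 3 if raw[34] == 3 else None
    return None


def v3_checksum_ok(label):
    """Recompute the rend-spec-v3 checksum: SHA3-256(".onion checksum" || pubkey || version)[:2]."""
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return expected == checksum


def extract_onion_iocs(text):
    """Return one record per distinct .onion URL found in text, in order of first appearance."""
    seen = {}
    for m in ONION_RE.finditer(text):
        url = m.group(0)
        if not url.lower().startswith("http"):
            url = "http://" + url  # scheme was omitted in the note; assume plain HTTP over Tor
        host = m.group("host").lower()
        label = host[: -len(".onion")]
        if url in seen:
            continue
        seen[url] = {
            "url": url,
            "host": host,
            "version": onion_version(label),
            # the query part is where this family keeps its victim/campaign token
            "query": urlsplit(url).query,
            "checksum_ok": v3_checksum_ok(label) if len(label) == 56 else None,
        }
    return list(seen.values())


if __name__ == "__main__":
    for ioc in extract_onion_iocs(SAMPLE_NOTE):
        print(ioc)
```

A v2 address cannot be validated offline (it is a truncated hash of the service key), so the checksum field is only filled for v3; a v3 address that fails the checksum is usually a typo in the note or a decoy rather than a reachable service.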
Targets
- Target: daa69519885c0f9f4947c4e6f82a0375656630e0abf55a345a536361f986252e
- Size: 45KB
- Score: 10/10

Signatures
- Turns off Windows Defender SpyNet reporting (disables Defender's cloud-based sample and telemetry submission)
- Nirsoft (strings or code from NirSoft utilities detected; these tools are commonly bundled to harvest credentials)
- Executes dropped EXE
- Modifies extensions of user files. Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger, an anti-debugging technique)
- Suspicious use of SetThreadContext (commonly used to redirect a thread into injected code)
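The "Modifies extensions of user files" signature fires on the rename pattern that follows encryption: many files, across several user directories, all gaining the same new extension. As an added example (not the sandbox's own logic or code from the sample), the script below implements that heuristic over file-rename events. The events, the `.locked` extension and the thresholds are constructed for the example and are not taken from the report.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed rename events (pid, source, destination); not taken from the report.
EVENTS = [
    (4242, r"C:\Users\alice\Documents\budget.xlsx", r"C:\Users\alice\Documents\budget.xlsx.locked"),
    (4242, r"C:\Users\alice\Documents\report.docx", r"C:\Users\alice\Documents\report.docx.locked"),
    (4242, r"C:\Users\alice\Documents\notes.txt", r"C:\Users\alice\Documents\notes.txt.locked"),
    (4242, r"C:\Users\alice\Desktop\photo.jpg", r"C:\Users\alice\Desktop\photo.jpg.locked"),
    (4242, r"C:\Users\alice\Desktop\thesis.pdf", r"C:\Users\alice\Desktop\thesis.pdf.locked"),
    (4242, r"C:\Users\alice\Pictures\holiday.png", r"C:\Users\alice\Pictures\holiday.png.locked"),
    (1300, r"C:\Users\alice\Documents\draft.tmp", r"C:\Users\alice\Documents\draft.docx"),  # editor save
    (1300, r"C:\Users\alice\Documents\draft.docx", r"C:\Users\alice\Documents\draft-final.docx"),  # plain rename
]

# Assumed thresholds; tune against the rename volume of the hosts being monitored.
MIN_RENAMES = 5      # extension-changing renames by one process
MIN_DIRECTORIES = 2  # distinct directories touched with the dominant extension
DOMINANCE = 0.8      # share of the process's extension changes that use one extension


def new_extension(src, dst):
    """Return the new extension if dst is src with an extension appended or replaced, else None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if d.parent != s.parent:
        return None  # moved to another directory: not an in-place re-extension
    # appended form: name.ext -> name.ext.new
    if d.name.lower().startswith(s.name.lower() + "."):
        return d.name[len(s.name):].lower()
    # replaced form: name.ext -> name.new
    if d.stem.lower() == s.stem.lower() and d.suffix.lower() != s.suffix.lower():
        return d.suffix.lower()
    return None


def detect_mass_extension_changes(events):
    """Map pid -> {extension, count, directories} for processes matching the ransomware rename pattern."""
    per_pid = defaultdict(list)
    for pid, src, dst in events:
        ext = new_extension(src, dst)
        if ext:
            per_pid[pid].append((ext, str(PureWindowsPath(src).parent).lower()))

    flagged = {}
    for pid, hits in per_pid.items():
        ext, n = Counter(e for e, _ in hits).most_common(1)[0]
        dirs = {d for e, d in hits if e == ext}
        if n >= MIN_RENAMES and n / len(hits) >= DOMINANCE and len(dirs) >= MIN_DIRECTORIES:
            flagged[pid] = {"extension": ext, "count": n, "directories": sorted(dirs)}
    return flagged


if __name__ == "__main__":
    for pid, info in detect_mass_extension_changes(EVENTS).items():
        print(pid, info)
```

The dominance ratio is what separates an encryptor from an editor or a build tool: a process that rewrites many files but into varied extensions (`.tmp` to `.docx`, `.o` to `.exe`) does not accumulate a single dominant extension, while an encryptor's output is uniform.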