General
Target: rdmr_3.exe
Size: 1.8MB
Sample: 211019-ynec6ahcbr
MD5: 00c227b93837e5e5f7f24509459a0216
SHA1: 8148f3df22b82dbdf664ff5e343bb053f01830b7
SHA256: 0d93bc5a94ff11a3221e186b6fe8ee28aed9f2f1db2413e6562f43bc7f23786f
SHA512: 574b1fdc7505aa597b078828d7559982e4b506c49466f2600b0dfcf4ba3584581df35e5c7baa91ddda97052c6e34d146d8d1e0457269f18ac7799deb9ef069db
Static task: static1
Behavioral task: behavioral1
Sample: rdmr_3.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: rdmr_3.exe
Resource: win10-en-20211014
Malware Config
Extracted
C:\Read Me.TXT
aloop@protonmail.com
Targets
Target: rdmr_3.exe
Score: 10/10
- Clears Windows event logs
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Modifies WinLogon