General
Target
dfbd62a3d1b239601e17a5533e5cef53036647901f3fb72be76d92063e279178.sample
Size
14KB
Sample
211020-k4ef7sggg7
MD5
3355ace345e98406bdb331ccad568386
SHA1
81d5888bb8d43d88315c040be1f51db6bb5cf64c
SHA256
dfbd62a3d1b239601e17a5533e5cef53036647901f3fb72be76d92063e279178
SHA512
55223ee6f387252a401e62cd5b619afafcb3d63cb33cd1b9a12d782dadc9e68b95062363863f70f13eb28f751da710b78161f7efda464d66b1f98741e56f50e1
Static task
static1
Behavioral task
behavioral1
Sample
dfbd62a3d1b239601e17a5533e5cef53036647901f3fb72be76d92063e279178.sample.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\[HOW TO RECOVER FILES].TXT
prolock
support981723721@protonmail.com
http://msaoyrayohnp32tcgwcanhjouetb5k54aekgnwg7dcvtgtecpumrxpqd.onion
Targets
Target
dfbd62a3d1b239601e17a5533e5cef53036647901f3fb72be76d92063e279178.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.