General
-
Target
282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636.bin.sample
-
Size
52KB
-
Sample
211020-ntmllshaa3
-
MD5
28945b625617cfdcc444b428de0a7a00
-
SHA1
9cab670cd0d11e901cdb3f197aa18f1a6e2930ba
-
SHA256
282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636
-
SHA512
eab6d0816c972a435e11e195194699748058127203bc726061689f986d6dbc49978b4e78b7f93d550233f2f22046888b938ad8ac9c4cf01cfb3de08cf642f19d
Static task
static1
Behavioral task
behavioral1
Sample
282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636.bin.sample.exe
Resource
win10-en-20210920
Malware Config
Targets
Target
282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636.bin.sample
-
Score
8/10
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-