General
Target: 9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
Size: 782KB
Sample: 211021-taaqlaaec2
MD5: f8965a89dea0bc5a9eb9473e15203c4b
SHA1: 4c64c26c74c0fac039a0974a95ab5e48f8e8d4e3
SHA256: 9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
SHA512: 79dd477be26046d4eba9039fa148fdaeba85100bd3d78e0af8db95571672964603c187864b2f11fcf366abc61263bd87117bfed2b943d4d2c632330b6023e1c3
Static task: static1
Behavioral task: behavioral1
Sample: 9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d.exe
Resource: win10-en-20211014
Malware Config
Extracted
Family: djvu
C2: http://rlrz.org/fhsgtsspen6
Targets
Target: 9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d (782KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures
- Detected Djvu ransomware
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies file permissions
- Adds Run key to start application (autostart persistence via a value under ...\CurrentVersion\Run)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (an API typically seen when a process injects code into, or hollows, another process)
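The hashes, the extracted C2 URL and the behaviour signatures above can be turned into a small triage check that runs over endpoint telemetry. The following Python is an added example written for this page, not code from tria.ge or from any tool that produced the report. The Sysmon-style events, file paths, Run value name and the IP-lookup host watchlist are constructed assumptions (the report only says "a legitimate IP lookup service" and does not name it); the hashes and URL are the ones the report lists.

```python
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "f8965a89dea0bc5a9eb9473e15203c4b",
    "sha1": "4c64c26c74c0fac039a0974a95ab5e48f8e8d4e3",
    "sha256": "9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d",
    "sha512": "79dd477be26046d4eba9039fa148fdaeba85100bd3d78e0af8db95571672964603c187864b2f11fcf366abc61263bd87117bfed2b943d4d2c632330b6023e1c3",
}
C2_URL = "http://rlrz.org/fhsgtsspen6"

# Assumption: the report only says "a legitimate IP lookup service" without
# naming it, so this watchlist is illustrative rather than taken from the page.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}

# Any value written under ...\CurrentVersion\Run\ (HKCU or HKLM) is autostart persistence.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for comparison with IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hash_ioc_matches(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value for the sample."""
    return {alg for alg, val in digests.items() if IOC_HASHES.get(alg) == val.lower()}


def match_signatures(events: list) -> list:
    """Map Sysmon-style events to the report's behaviour signatures.

    Each event is a dict with a 'type' key and Sysmon field names
    (Image, Hashes, TargetFilename, TargetObject, QueryName, Url).
    Returns the sorted list of signature names that fired.
    """
    hits = set()
    dropped = set()  # lower-cased paths of .exe files written during the run
    for ev in events:
        kind = ev.get("type")
        if kind == "file_create":
            path = ev.get("TargetFilename", "").lower()
            if path.endswith(".exe"):
                dropped.add(path)
        elif kind == "process_create":
            if ev.get("Image", "").lower() in dropped:
                hits.add("Executes dropped EXE")
            # Sysmon formats Hashes as "SHA256=...,MD5=...,IMPHASH=...".
            for part in ev.get("Hashes", "").split(","):
                alg, _, val = part.partition("=")
                if IOC_HASHES.get(alg.strip().lower()) == val.strip().lower():
                    hits.add("Matches report sample hash")
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                hits.add("Adds Run key to start application")
        elif kind == "dns_query":
            if ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        elif kind == "network_connect":
            if C2_URL in ev.get("Url", ""):
                hits.add("Contacts extracted djvu C2 URL")
    return sorted(hits)


# Constructed event trace (not captured from the real sample); the paths and
# the Run value name are placeholders.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "Image": r"C:\Users\user\Desktop\9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d.exe",
     "Hashes": "SHA256=9F6AFA09D7D82AA7527A2DC83C0819B37192A8513879979D01C79F5741B0092D,MD5=F8965A89DEA0BC5A9EB9473E15203C4B"},
    {"type": "dns_query", "QueryName": "api.ipify.org"},
    {"type": "file_create", "TargetFilename": r"C:\Users\user\AppData\Local\example\dropped.exe"},
    {"type": "process_create", "Image": r"C:\Users\user\AppData\Local\example\dropped.exe", "Hashes": ""},
    {"type": "registry_set",
     "TargetObject": r"HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\example"},
    {"type": "network_connect", "Url": "http://rlrz.org/fhsgtsspen6"},
]

if __name__ == "__main__":
    print(match_signatures(SAMPLE_EVENTS))
    print(hash_ioc_matches(digest_bytes(b"MZ placeholder, not the real sample")))
```

The hash check is exact-match only: a recompiled or repacked build of the same family will not hit it, which is why the behavioural rules (dropped-EXE execution, Run key persistence, IP lookup, C2 contact) carry more weight than the digests. "Downloads MZ/PE file", "Modifies file permissions" and the SetThreadContext signature are not modelled here because the report does not say which events the sandbox used to raise them.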