General
Target: 3ncrypter.m4n@gmail.com.exe
Size: 1.3MB
Sample: 211026-h9qqbahghj
MD5: e66f4a868b4f9af702a2998458953eec
SHA1: 4dfb43cfafb536dc655b4a13d94a0bb5f2bbba29
SHA256: 392a548a7ddcfdaec459e421a96e1fee183d7d73aff22ac7f744dc840f322164
SHA512: d3e8a75f0ac49b0d61b6958d38db83bb3fb19cab3c1f1a786a32ca08a51df1ce6976691ccef75c0d4816863d35e25a91706ed424f97885fbd78e927a9ff3e1ce
Static task: static1
Behavioral task: behavioral1
Sample: 3ncrypter.m4n@gmail.com.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 3ncrypter.m4n@gmail.com.exe
Resource: win10-en-20210920
Malware Config
Extracted
C:\$Recycle.Bin\Read-this.txt
Email:3ncrypter.m4n@gmail.com
Answer:3ncryptionfile@gmail.com
Targets
Target: 3ncrypter.m4n@gmail.com.exe
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-