General
Target: Screenshot00112021.scr.exe
Size: 288KB
Sample: 211115-qxdtzsfdhl
MD5: dd8b6f163544a37fc7aa6f09052a391b
SHA1: 2e3c83a2c778838a795d06682afb6169e672cc22
SHA256: 0b3932739176975ad69bae0a03171746b7efa1c3909cf5206dcb3b89d1947b15
SHA512: 499dd0c1214e5ea4b7a9f64149fa118c047b836fffd52b3f3424b1aae84d463d25dc75e7e8fcb706040601b56659ca1228a113ffdb1b4a634ded12fdfb8a8022
Static task: static1
Behavioral task: behavioral1
Sample: Screenshot00112021.scr.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Screenshot00112021.scr.exe
Resource: win10-en-20211104
Malware Config
Extracted
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
Targets
Target: Screenshot00112021.scr.exe
Score: 10/10
Buran: Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory