General
Target: 5a991404956e8c12450424bfc0fe49600c3b7988ac0766df044f56dd93720155
Size: 3.4MB
Sample: 211122-mw3j6sacf2
MD5: 531b9620dc5a091c8259eab105b6b1fa
SHA1: f9e256305a01e217e7fbd998796121ffba5c3974
SHA256: 5a991404956e8c12450424bfc0fe49600c3b7988ac0766df044f56dd93720155
SHA512: a5f431fbc4bb57a784efec72997e67ea2085baaee12f177d11e6bdcef7c9bd6341e51dcba64f91806e7052499d6970b71ffe47b1646c186b6d3feb5e14ce88ec
Static task: static1
Behavioral task: behavioral1
Sample: 5a991404956e8c12450424bfc0fe49600c3b7988ac0766df044f56dd93720155.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 5a991404956e8c12450424bfc0fe49600c3b7988ac0766df044f56dd93720155.exe
Resource: win10-en-20211104
Malware Config
Extracted
C:\p3qn_HOW_TO_DECRYPT.txt
hive
Targets
Target: 5a991404956e8c12450424bfc0fe49600c3b7988ac0766df044f56dd93720155
Modifies security service
Clears Windows event logs
Modifies boot configuration data using bcdedit
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.