General
Target
ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226
Size
3.3MB
Sample
211122-n3sh8afdcq
MD5
0b0386bbb9258c2dc8da7fb1eab70e10
SHA1
f57c6ea3977485852796716c32bc413580c42d85
SHA256
ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226
SHA512
32339d952be796672bc8131a972e05a0af2b7f780377fccad7fa84ee7c4410327fdfb421f520657688604cf0aa2dbb6bad1330b42fd39fc1fb6caa89078c9208
Static task
static1
Behavioral task
behavioral1
Sample
ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226.exe
Resource
win10-en-20211014
Malware Config
Extracted
Ransom note path
C:\FVUV_HOW_TO_DECRYPT.txt
Family
hive
Onion URLs (Tor hidden services; resolve them only from an isolated analysis host)
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target
ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226
Modifies security service
Changes the configuration or state of a security-related Windows service, which is commonly done to stop defensive tooling before encryption starts.
Clears Windows event logs
Removes the event-log record an investigator would rely on to reconstruct the intrusion; collect logs from a SIEM or forwarding target rather than the host.
Modifies boot configuration data using bcdedit
bcdedit is commonly used to disable Windows recovery options so the encrypted system cannot be repaired from the recovery environment.
Modifies extensions of user files
Ransomware generally appends or replaces the extension on files it has encrypted; a burst of renames to one new extension across user directories is the visible symptom.
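A hunting helper that ties the report's indicators to checks a responder can run, as an added example that is not part of the sandbox report or its tooling: it verifies a suspect file against the four hashes listed under General, flags process command lines that match the bcdedit and event-log signatures, matches the ransom-note filename, and counts extension changes in rename events. The hashes and the note name come from the report; the bcdedit and wevtutil command patterns, the ".encrypted" placeholder extension, the prefix pattern generalized from the single observed note name, and all sample command lines and rename events are assumptions and constructed test data, not observations from this sample.

```python
"""Hunting helpers for the indicators in this sandbox report.

Added example, not part of the report. The hashes and the ransom-note name
come from the report; the command-line patterns, placeholder extension and
sample data below are assumptions and constructed test input.
"""
import hashlib
import re
from collections import Counter
from pathlib import PureWindowsPath

# Hashes listed in the report's General section.
REPORT_HASHES = {
    "md5": "0b0386bbb9258c2dc8da7fb1eab70e10",
    "sha1": "f57c6ea3977485852796716c32bc413580c42d85",
    "sha256": "ed55da207686f136205db1226c23add2bba331794de6f2c0b0861681cf344226",
    "sha512": "32339d952be796672bc8131a972e05a0af2b7f780377fccad7fa84ee7c4410327fdfb421f520657688604cf0aa2dbb6bad1330b42fd39fc1fb6caa89078c9208",
}


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of data for every algorithm in REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same as hash_bytes, but streams the file so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> set:
    """Names of the algorithms whose digest equals the report's value."""
    return {name for name, value in hashes.items()
            if REPORT_HASHES.get(name) == value.lower()}


# Assumed command-line patterns (the report names the behaviours, not the
# commands): disabling Windows recovery via bcdedit, clearing logs via wevtutil.
COMMAND_SIGNATURES = {
    "Modifies boot configuration data using bcdedit": re.compile(
        r"bcdedit(\.exe)?\s+/set\b.*?\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b",
        re.IGNORECASE),
    "Clears Windows event logs": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.IGNORECASE),
}

# Constructed process command lines; the last two are benign and must not fire.
SAMPLE_COMMAND_LINES = [
    r'cmd.exe /c "bcdedit /set {default} recoveryenabled No"',
    r'cmd.exe /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"',
    r"wevtutil.exe cl System",
    r"wevtutil.exe cl Security",
    r"bcdedit.exe /enum",
    r"wevtutil.exe qe Security /c:5",
]


def flag_command_lines(lines) -> list:
    """Return (signature name, command line) pairs for every matching line."""
    hits = []
    for line in lines:
        for name, pattern in COMMAND_SIGNATURES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits


# Ransom-note filename; the prefix pattern generalizes the single name the
# report shows (FVUV_HOW_TO_DECRYPT.txt) and is an assumption.
RANSOM_NOTE_NAME = re.compile(r"^[A-Z0-9]+_HOW_TO_DECRYPT\.txt$")


def is_ransom_note_name(filename: str) -> bool:
    return RANSOM_NOTE_NAME.match(filename) is not None


# Constructed (old path, new path) rename events; ".encrypted" is a placeholder,
# the report does not state which extension this sample appends.
SAMPLE_RENAMES = [
    (r"C:\Users\alice\Documents\budget.xlsx", r"C:\Users\alice\Documents\budget.xlsx.encrypted"),
    (r"C:\Users\alice\Pictures\dog.jpg", r"C:\Users\alice\Pictures\dog.jpg.encrypted"),
    (r"C:\Users\alice\Desktop\draft.docx", r"C:\Users\alice\Desktop\final.docx"),
]


def changed_extensions(renames) -> Counter:
    """Count the new extension of each rename that changed the extension.

    One new extension dominating the counts is the bulk-rename pattern behind
    the "Modifies extensions of user files" signature.
    """
    counts = Counter()
    for old, new in renames:
        if PureWindowsPath(old).suffix.lower() != PureWindowsPath(new).suffix.lower():
            counts[PureWindowsPath(new).suffix.lower()] += 1
    return counts


if __name__ == "__main__":
    print(matches_report(hash_bytes(b"constructed, not the sample")))  # set()
    for name, line in flag_command_lines(SAMPLE_COMMAND_LINES):
        print(name, "<-", line)
    print(changed_extensions(SAMPLE_RENAMES))
```

Run hash_file on a quarantined copy of the suspect binary; all four algorithms matching confirms it is the file this report describes, while a mismatch on any one means a different build or a modified file. The command-line check fires only on the destructive bcdedit and wevtutil invocations, not on enumeration or queries, so it can be applied to process-creation telemetry without flagging routine administration.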