General
- Target: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d
- Size: 3.4MB
- Sample: 211122-nxjzwsadc8
- MD5: 97143a7fe15b4a0e66ce8389bce1fdfe
- SHA1: 137448bfb7b094c79132a2bd6277149dc853a15d
- SHA256: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d
- SHA512: 82fe5cd1379e9527b689ff3ca20bf6b1f8172215bdb5ef8ac93aac586ca702bfe86b4bab03483bc49dd31eed8af716a54c2b35724acf218a13a87ce68ab3b5f3
Static task
- static1
Behavioral task
- behavioral1
- Sample: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
- Resource: win7-en-20211104
Behavioral task
- behavioral2
- Sample: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
- Resource: win10-en-20211104
Malware Config
- Extracted from: C:\Program Files\7-Zip\ANc6_HOW_TO_DECRYPT.txt
- Family: hive
- http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
- http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
- Target: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.