General
Target: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
Size: 128KB
Sample: 211128-ff255sfhgj
MD5: 99e949ddd57dbc19457eba5f235516f3
SHA1: 99f9270e85ec53b8dada459279d30e8b169462c1
SHA256: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
SHA512: 4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41
Static task: static1
Behavioral task: behavioral1
  Sample: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b.exe
  Resource: win10-en-20211104
Malware Config
Extracted
C:\Users\Admin\How to decrypt files.txt
targetcompany
http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact
Targets
Target: e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
Score: 10/10
TargetCompany: Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
Modifies boot configuration data using bcdedit
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
  File Deletion (2)
Discovery
  Query Registry (1)
  Remote System Discovery (1)
  System Information Discovery (2)
  Peripheral Device Discovery (1)
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation