Extracted

• • Target

    e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

  • Size

    128KB

  • MD5

    99e949ddd57dbc19457eba5f235516f3

  • SHA1

    99f9270e85ec53b8dada459279d30e8b169462c1

  • SHA256

    e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

  • SHA512

    4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41

  Score

  10^/10

  targetcompanyevasionransomware

  • TargetCompany

    Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.

    ransomwaretargetcompany

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2