General
Target: xd.exe
Size: 42KB
Sample: 211202-mj8knahhd2
MD5: a034f79273e3f61d34eeadf38f12dee2
SHA1: 9c8feeab65f71344713d63f4879e247aba49dce4
SHA256: 903c04976fa6e6721c596354f383a4d4272c6730b29eee00b0ec599265963e74
SHA512: f88ae1a3fdc901e49c3ddae6008f80c3b647f2fb88d32c9d726d91f52f65d5af5b2c6c0bdc9dba556f797e9c9075befb4d639a1b6ff990b060bdb081f2945caf
Static task: static1
Behavioral task: behavioral1
Sample: xd.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: xd.exe
Resource: win10-en-20211104
Malware Config
Extracted
C:\PerfLogs\Hello.txt
https://tox.chat/download.html
Targets
Target: xd.exe
Score: 10/10
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Drops startup file
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.