General
Target: 7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe
Size: 2.8MB
Sample: 211206-2zgjfafdak
MD5: 11f2511c1eeb4f49d773a1aac648c418
SHA1: d096c455fbf4651f67f720c53405c696bf1df420
SHA256: 7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6
SHA512: cad022347b30ef77689ba5d32af341d7bd2810cc0fa471afb65169f1298203aa7523957a0364b6cd0bdd02c9e5aee8cf0924a9c0e2547c6c50d23d4be5c9e922
Static task: static1
Malware Config
Extracted
C:\BKFP_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: 7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe (size and hashes as listed under General)
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.