General

Target: de9d7afe742c551522bafb785c706f4f.exe
Size: 1.2MB
Sample: 211207-p6d1nscbe8
MD5: de9d7afe742c551522bafb785c706f4f
SHA1: 42e476b69971ee796704f5975aaacd2ecd38d9d9
SHA256: 5bfba90917bc5e5acd1b61ac2ffdcbbd8fec71eb7fdfb0b681207cc2371d5b94
SHA512: 919a426d0de0032fc52ac55ce9444721b5b238c2a94faa7b11478218d5269a23e09eca60e26d08fa50f15167de04950ec67db06a38e437a47d941e329395eaf6
Static task: static1

Behavioral task: behavioral1
Sample: de9d7afe742c551522bafb785c706f4f.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: de9d7afe742c551522bafb785c706f4f.exe
Resource: win10-en-20211104
Malware Config

Extracted: \??\M:\Boot\cs-CZ\Read_Me.txt
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?101DTIYODTI
https://yip.su/2QstD5

Extracted: C:\Boot\bg-BG\Read_Me.txt
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?101HIKMNPRS
https://yip.su/2QstD5
Targets

Target: de9d7afe742c551522bafb785c706f4f.exe
Size: 1.2MB
MD5: de9d7afe742c551522bafb785c706f4f
SHA1: 42e476b69971ee796704f5975aaacd2ecd38d9d9
SHA256: 5bfba90917bc5e5acd1b61ac2ffdcbbd8fec71eb7fdfb0b681207cc2371d5b94
SHA512: 919a426d0de0032fc52ac55ce9444721b5b238c2a94faa7b11478218d5269a23e09eca60e26d08fa50f15167de04950ec67db06a38e437a47d941e329395eaf6
Score: 10/10

- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext