General
Target
5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4.bin
Size
6.0MB
Sample
211218-23eh9ageeq
MD5
5559e9f5e1645f8554ea020a29a5a3ee
SHA1
d74bd70862707cd2c7ab946903f6fa0aab066151
SHA256
5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4
SHA512
56835d08f64887c4bd7b0fecd111f4b89411c45398618d815ed9652a0addbf25939fee9f40c4a0315e5e1539c0e87fcd5a9bd73cd7ad43d97d1484763abc5540
Static task
static1
Behavioral task
behavioral1
Sample
5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4.bin.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4.bin.exe
Resource
win10-en-20211208
Malware Config
Extracted
C:\Users\Public\index.html
href="mailto:primexm@darkatom.org"><span
class="info">Email:primexm@darkatom.org
Extracted
C:\Users\Public\ATOMSILO-README.hta
atomsilo
Email:primexm@darkatom.org
http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion
Targets
Target
5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4.bin
Score
10/10
AtomSilo Ransomware
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Deletes itself
Drops startup file