General
Target: d4rkw4ve@tutanota.com.exe
Size: 489KB
Sample: 220103-e6grfsbab6
MD5: ad81961ccc571e985d35e6f30d396859
SHA1: 39dc8ac32563d88a11dee49137a0353b46f3eb38
SHA256: 630e24cc1c4c95321965ad967e77e1888c48c4b1f653d800c7df08e879814787
SHA512: 2d08c947b382b8633c1e055a8bbc57ae7b83f9a3a3ea1ac38080c52acc3fb928a2e199588b8cb0160494be03e6d42d4ae414d292e9e3838a6850cde1369aa8d8
Static task: static1
Behavioral task: behavioral1
Sample: d4rkw4ve@tutanota.com.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: d4rkw4ve@tutanota.com.exe
Resource: win10-en-20211208
Malware Config
Extracted from C:\Restore-My-Files.txt: d4rkw4ve@tutanota.com, dark4wave@yandex.com
Extracted from C:\Users\Admin\AppData\Local\Temp\info.hta: d4rkw4ve@tutanota.com, dark4wave@yandex.com
Extracted from C:\Restore-My-Files.txt: d4rkw4ve@tutanota.com, dark4wave@yandex.com
Extracted from C:\Users\Admin\AppData\Local\Temp\info.hta: d4rkw4ve@tutanota.com, dark4wave@yandex.com
Targets
Target: d4rkw4ve@tutanota.com.exe
Size: 489KB
MD5: ad81961ccc571e985d35e6f30d396859
SHA1: 39dc8ac32563d88a11dee49137a0353b46f3eb38
SHA256: 630e24cc1c4c95321965ad967e77e1888c48c4b1f653d800c7df08e879814787
SHA512: 2d08c947b382b8633c1e055a8bbc57ae7b83f9a3a3ea1ac38080c52acc3fb928a2e199588b8cb0160494be03e6d42d4ae414d292e9e3838a6850cde1369aa8d8
Score: 10/10
Signatures:
Disables Task Manager via registry modification
Modifies Windows Firewall
Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)
Sets desktop wallpaper using registry