General
Target: dc9dfb97d069344353eea77b92769bb36b7c7e488778d3b04672469301e96413
Size: 2.6MB
Sample: 220113-qhf1ssaecp
MD5: 0799b7aef297d8bd4393e9b93bc560f9
SHA1: aca2b339a9c9ed04184c774f3c89e8ec6e75a22b
SHA256: dc9dfb97d069344353eea77b92769bb36b7c7e488778d3b04672469301e96413
SHA512: 55e15979cd68f47188cdb9e2bb148a84bcbedd7b69c507c27d0cea11305d7bb3988ce361eeecbb69f1336a78e18b91d0277f95b7d3fc3e70311a06409054479b
Static task
static1
Behavioral task
behavioral1
Sample
dc9dfb97d069344353eea77b92769bb36b7c7e488778d3b04672469301e96413.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\auw1_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: dc9dfb97d069344353eea77b92769bb36b7c7e488778d3b04672469301e96413
Size: 2.6MB
MD5: 0799b7aef297d8bd4393e9b93bc560f9
SHA1: aca2b339a9c9ed04184c774f3c89e8ec6e75a22b
SHA256: dc9dfb97d069344353eea77b92769bb36b7c7e488778d3b04672469301e96413
SHA512: 55e15979cd68f47188cdb9e2bb148a84bcbedd7b69c507c27d0cea11305d7bb3988ce361eeecbb69f1336a78e18b91d0277f95b7d3fc3e70311a06409054479b

Modifies security service
Clears Windows event logs
Modifies boot configuration data using bcdedit
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.