General
Target: df2e56f50d123d406d20bf5f58924efcb6489aeba82d0cc11a2fd89b7c3f5687
Size: 3.7MB
Sample: 220113-rb5w1sagcp
MD5: ed582a5d8711beaddf0e78f115caca61
SHA1: bfd3d499cdb1d43d1647f09d481795ee022f944e
SHA256: df2e56f50d123d406d20bf5f58924efcb6489aeba82d0cc11a2fd89b7c3f5687
SHA512: b43813d220a2f6ec38ec6d301d39e65c5e38517d8d6ea76589833dd58d38bcf40204ce042a6c2b38e248408dbde8560aba33556c5801ea2fa88defe6c76274f3
Static task: static1
Behavioral task: behavioral1
Sample: df2e56f50d123d406d20bf5f58924efcb6489aeba82d0cc11a2fd89b7c3f5687.exe
Resource: win7-en-20211208
Malware Config
Extracted from: C:\Program Files\7-Zip\T3yp_HOW_TO_DECRYPT.txt
Family: hive
URLs:
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: df2e56f50d123d406d20bf5f58924efcb6489aeba82d0cc11a2fd89b7c3f5687
Size: 3.7MB
MD5: ed582a5d8711beaddf0e78f115caca61
SHA1: bfd3d499cdb1d43d1647f09d481795ee022f944e
SHA256: df2e56f50d123d406d20bf5f58924efcb6489aeba82d0cc11a2fd89b7c3f5687
SHA512: b43813d220a2f6ec38ec6d301d39e65c5e38517d8d6ea76589833dd58d38bcf40204ce042a6c2b38e248408dbde8560aba33556c5801ea2fa88defe6c76274f3
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.