General
- Target: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
- Size: 2.2MB
- Sample: 220117-tqyscsbedr
- MD5: aea5d3cced6725f37e2c3797735e6467
- SHA1: 087497940a41d96e4e907b6dc92f75f4a38d861a
- SHA256: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
- SHA512: 5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Static task: static1
Behavioral task: behavioral1
- Sample: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
- Resource: win10-en-20211208
Malware Config
Extracted
- Ransom note path: \??\Z:\RECOVER-sykffle-FILES.txt
- URL: http://zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion/b21e1fb6-ff88-425b-8339-3523179a1e3e/886cf430a907bbe9a3fd38fb704d524dbd199c1b042ad6f65dc72ad78704e21
- URL: http://mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion/?access-key=GfjBJOpvNRomDHpgsWFmQevkENCHPGoFVXNvOwZ5qtw6SKG8kCp%2FQXB0CKxe6xRLJeFStrmxxrCbQi69Lel21pyJ91hmeQKjk%2Ben10Sqh2b01bhXSjaFMUD0e5%2BXGhwxDwqQoRUyKT7vev%2BM9KxFzS8VnaZiT9nCM3z26ET%2Fd3GfFWYXI3ecK8mMbLKf1%2BWlmff363dOih4kRUyk8hEabXK3EYFMuN5cVuR%2FI3J8sLIeeDJ9DizQRIUd2lRlXAFjX0z6sIOWNrj0YJ7tdcSzU5t2y015GAfb3D4L0XlSBjONqAY%2BwKQqk6XQ3TonZw39LdyjfbJQcyfc6uxssBhoUA%3D%3D
Targets
- Target: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
- Size: 2.2MB
- MD5: aea5d3cced6725f37e2c3797735e6467
- SHA1: 087497940a41d96e4e907b6dc92f75f4a38d861a
- SHA256: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
- SHA512: 5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Score: 10/10

Signatures
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry