General
-
Target
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
-
Size
2.2MB
-
Sample
220117-vf67esbcd8
-
MD5
aea5d3cced6725f37e2c3797735e6467
-
SHA1
087497940a41d96e4e907b6dc92f75f4a38d861a
-
SHA256
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
-
SHA512
5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Static task
static1
Behavioral task
behavioral1
Sample
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\RECOVER-sykffle-FILES.txt
http://zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion/b21e1fb6-ff88-425b-8339-3523179a1e3e/886cf430a907bbe9a3fd38fb704d524dbd199c1b042ad6f65dc72ad78704e21
http://mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion/?access-key=LWJr7bVcSMGcY5YdPVmFb0ZON%2BF7%2Bau322FPnwcE9LwdS6oF%2BqsTezNE%2BJ3CeIrVWP04sFKfZyDthKAU9FNF54clf32wnXRakIh6nUeIjJL4Gn%2FYPHs5cVfPKaMFdTRGKKFP1JWeQ2Fne7wWRfD0eCgmTAKCagsjtwAQMfzZJfV1wKtj%2BRVh87pyjXP%2BA1G7IBmjVgEbLP1dWQR4XdYwvaaM%2FE1ge51BV3MJEcg5rHmsnCK%2BFjqDeJR5sEbdckGW7cxZ1aVBMAScg8WU%2FI3uFbntzOvipK4%2BFofW0p81%2F23Ssz7qmAQuRCEYcLWT0nt87F%2Fq6HYV09Q9YoOjlrvPKw%3D%3D
Targets
-
-
Target
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
-
Size
2.2MB
-
MD5
aea5d3cced6725f37e2c3797735e6467
-
SHA1
087497940a41d96e4e907b6dc92f75f4a38d861a
-
SHA256
3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
-
SHA512
5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-