General
Target: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
Size: 2.2MB
Sample: 220120-x5jhrsbcdl
MD5: aea5d3cced6725f37e2c3797735e6467
SHA1: 087497940a41d96e4e907b6dc92f75f4a38d861a
SHA256: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
SHA512: 5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Static task: static1
Behavioral task: behavioral1
  Sample: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted from: C:\RECOVER-sykffle-FILES.txt
  http://zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion/b21e1fb6-ff88-425b-8339-3523179a1e3e/886cf430a907bbe9a3fd38fb704d524dbd199c1b042ad6f65dc72ad78704e21
  http://mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion/?access-key=I2Bz00rK6fkXUoQuur4TTgimmKtGOY7E7vPSTRpLMtdcJORjeK56V2Ihp8exfrrQF0AwekitMld5dPD%2B5OoHEoHZ08%2FHwP3loiz0s3FfYW5HByxYyOJDiGWf%2Fni4GArvDFUB8S7tz9KNDdlACA5ocrQ6P%2FfKvWKojMNC8Kb%2BwDLAqTsD7vTsaIqcM7nbrB3NixH0XfbvT96ix56LoZfj7SM%2FTneVcDLe7uGxxP1Fk8vBbR586TX4rlkTITOSaWBHHFDokbXzuj1S9AMgfWRNB%2FJAlX0wWUe9LjoTbzrxQ1JzYy%2BhO8HMwQHbg9oYbeu%2Ft2PGmialmLXay6qmFtG0sw%3D%3D
Extracted from: C:\Users\Default\Desktop\RECOVER-sykffle-FILES.txt
  http://zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion/b21e1fb6-ff88-425b-8339-3523179a1e3e/886cf430a907bbe9a3fd38fb704d524dbd199c1b042ad6f65dc72ad78704e21
  http://mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion/?access-key=PuYbvuWqm82inTx%2BR30ukdymXFnJt5ik6Hg7z6tl%2BURykiNjZXqFnb0cJE7%2FUQf3wQddW5Omw9cjD8vt6w61RkTDZ08XcQKe4QikIKFqh5mQJNRZ8ZU%2F6mBcntlSdfVup1STyCgYT2a1%2B9RBetFcMG8tnJfAD6JewbD7q4AZVg%2BBDni4NF%2BVxCT9swjoesVRdX%2FtoEpD6UAkc%2Bt4urXr217P0vNTCihZV1bVznP3kSMRbZa%2BqNULSj8BqsHjXgudpCgcRrw%2FIkcmKFvtyJEUhRMRiQF2VL5kv%2FGO%2BjuoxmnR9yQR6iPdFkWL4r9Ib7GAMhkmMq2vuB4P88WtPREEvg%3D%3D
Targets
Target: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin
Size: 2.2MB
MD5: aea5d3cced6725f37e2c3797735e6467
SHA1: 087497940a41d96e4e907b6dc92f75f4a38d861a
SHA256: 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
SHA512: 5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66
Score: 10/10
Signatures:
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry