General
-
Target
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05
-
Size
78KB
-
Sample
220124-a7r7cshaan
-
MD5
9c3784b44183e575037fdb131355b2f6
-
SHA1
8b85ce577902376ebab9a4e3839da030077fd65c
-
SHA256
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05
-
SHA512
db20b54bd34ebb3abf6640c773ada4e14a187552aaaac2fddcde3ad64598d7221054db56ea145fba6e123d21e281d33573e1f9b2035ebe60014e7ae5164c2e9d
Static task
static1
Behavioral task
behavioral1
Sample
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05.dll
Resource
win10-en-20211208
Malware Config
Extracted
C:\4b93np888q-readme.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D837669F637A6732
Extracted
C:\7c14u939-readme.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D84152300BC3497B
Targets
-
-
Target
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05
-
Size
78KB
-
MD5
9c3784b44183e575037fdb131355b2f6
-
SHA1
8b85ce577902376ebab9a4e3839da030077fd65c
-
SHA256
dff5690cd1a3474c6cac9dcf8efacdaf51a6be992e70029e21dcacd89cc71f05
-
SHA512
db20b54bd34ebb3abf6640c773ada4e14a187552aaaac2fddcde3ad64598d7221054db56ea145fba6e123d21e281d33573e1f9b2035ebe60014e7ae5164c2e9d
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-