Extracted

• • Target

    aaf1c2e67e9049fcbfd9f97302d78837769e1ad20fb2c4f35c69339e95845938

  • Size

    994KB

  • MD5

    0cefce0dbbbedc5eb1febe4d85b23c71

  • SHA1

    6aef7d5a462268c438c8417ee0da3f130b8aa84a

  • SHA256

    aaf1c2e67e9049fcbfd9f97302d78837769e1ad20fb2c4f35c69339e95845938

  • SHA512

    1311cf0b918419c192b3914a01e467430f445aaf6a003338e2176b1527c74263f658d8d39bd6d9c78b70324615101026767034798945d42d25215ee4d45654bf

  Score

  10^/10

  ctblockerransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2