General
- Target: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
- Size: 1.3MB
- Sample: 220201-dhe3aafffq
- MD5: 391b43d235af8ce332300ff5a5df7322
- SHA1: ed3f0655d8e359f5ee882bb98714e58a57a2f572
- SHA256: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
- SHA512: 430fc05150eb81aa0fdb7092fe9c59a71366a36db388142304a030f1d4656048c15ea6a566cc94d8a427076e4b2cededb40e6f030ea94e72f0b832995a72d69b
Static task: static1
Behavioral task: behavioral1
- Sample: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted from ransom notes (identical configuration in each file):
- C:\README1.txt
- C:\README2.txt
- C:\README3.txt
- C:\README4.txt
- C:\README5.txt
- C:\README6.txt
- C:\README7.txt
- C:\README8.txt
- C:\README9.txt
- C:\README10.txt
URLs:
- http://cryptsen7fo43rr6.onion/
- http://cryptsen7fo43rr6.onion.to/
- http://cryptsen7fo43rr6.onion.cab/
Targets
- Target: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
- Size: 1.3MB
- MD5: 391b43d235af8ce332300ff5a5df7322
- SHA1: ed3f0655d8e359f5ee882bb98714e58a57a2f572
- SHA256: e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
- SHA512: 430fc05150eb81aa0fdb7092fe9c59a71366a36db388142304a030f1d4656048c15ea6a566cc94d8a427076e4b2cededb40e6f030ea94e72f0b832995a72d69b
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.