General
-
Target
fb71eaae22e6d93286d10228fc08229b1edf805e5817f698accfe2ec18968458
-
Size
458KB
-
Sample
220201-km58labfdq
-
MD5
ea7bb99e03606702c1cbe543bb32b27e
-
SHA1
85e38cc3b78cbb92ade81721d8cec0cb6c34f3b5
-
SHA256
fb71eaae22e6d93286d10228fc08229b1edf805e5817f698accfe2ec18968458
-
SHA512
77ef0498a18d8762852d6fa0a27784aef20e2a784d1923f73cda2a742dd94e5efd63e8e9d34d02f2ac9a9a119de03b1030cee2cd33ac50ff03b682ed414178b9
Static task
static1
Behavioral task
behavioral1
Sample
fb71eaae22e6d93286d10228fc08229b1edf805e5817f698accfe2ec18968458.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
fb71eaae22e6d93286d10228fc08229b1edf805e5817f698accfe2ec18968458.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\DECRYPT-FILES.txt
maze
http://aoacugmutagkwctu.onion/6c610cc59c4b880d
https://mazedecrypt.top/6c610cc59c4b880d
Targets
-
Target
fb71eaae22e6d93286d10228fc08229b1edf805e5817f698accfe2ec18968458
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Sets desktop wallpaper using registry
-