General
-
Target
venecrypt.exe
-
Size
9.1MB
-
Sample
220202-e172fsgbh4
-
MD5
96b561c72edc125a84af4bf37192b675
-
SHA1
b59d17885948d4de933a8d727a00ed020829ffc0
-
SHA256
79bd4886bde18afe23cc54920491023a659ed849d31e1c73155f810909995329
-
SHA512
bb61cd8c58620bfb50bb0b25fe3ca1573d7e158f79cd5d9af61f03a207e2e1e2e43fa823b26625252856bb3b10b9ae973a70d1ebe5df2b71431d9cd3641b9809
Static task
static1
Behavioral task
behavioral1
Sample
venecrypt.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
venecrypt.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
venecrypt.exe
-
Size
9.1MB
-
MD5
96b561c72edc125a84af4bf37192b675
-
SHA1
b59d17885948d4de933a8d727a00ed020829ffc0
-
SHA256
79bd4886bde18afe23cc54920491023a659ed849d31e1c73155f810909995329
-
SHA512
bb61cd8c58620bfb50bb0b25fe3ca1573d7e158f79cd5d9af61f03a207e2e1e2e43fa823b26625252856bb3b10b9ae973a70d1ebe5df2b71431d9cd3641b9809
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-