General
-
Target
d3f80ebec40d7c729b87c19bd8f1760a8ec88228839e7d408d571b1577b2b776
-
Size
15KB
-
Sample
220204-qlstrsadc4
-
MD5
ae3aab90f69a05b131bd76abe8a5a988
-
SHA1
e4b09d053f6d0d95a318a552fc69291874a166c9
-
SHA256
d3f80ebec40d7c729b87c19bd8f1760a8ec88228839e7d408d571b1577b2b776
-
SHA512
2c411bf12e79e8620c1188147d6d5d0b06877ad5c60b1043e0d13a8e508dfcf85e95f3691fcd12081d60db42bc3bcf8ef00837318559fe6aac3da34e406ec714
Static task
static1
Behavioral task
behavioral1
Sample
d3f80ebec40d7c729b87c19bd8f1760a8ec88228839e7d408d571b1577b2b776.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d3f80ebec40d7c729b87c19bd8f1760a8ec88228839e7d408d571b1577b2b776.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\[HOW TO RECOVER FILES].TXT
prolock
chec1kyourf1les@protonmail.com.
http://qyyllfooubxzl5am25xoessrbnluxpj73ylgtlx25xdg74yuheaigfqd.onion
Targets
Target
d3f80ebec40d7c729b87c19bd8f1760a8ec88228839e7d408d571b1577b2b776
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops desktop.ini file(s)
-