General
-
Target
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
-
Size
5.0MB
-
Sample
220204-qmskdsadd4
-
MD5
c182610dd437f90d0cc6cb0ac19cfdb7
-
SHA1
9729820748673938e057ce74d007b758f6f9b195
-
SHA256
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
-
SHA512
618bb4559c36eec0b8e3552c16b94b0060d68186b9864ca6670d8a17225088a69a498a367a226f5944a3b7d79a61565cd7123e27001053000b6d42d86352051a
Static task
static1
Behavioral task
behavioral1
Sample
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\[HOW TO RECOVER FILES].TXT
prolock
chec1kyourf1les@protonmail.com
http://ug76vzhn2fujp6of2mjb6rjt4rploqe4q5gr2bkuaiwmzpf7nehzpsqd.onion
Targets
-
-
Target
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
-
Size
5.0MB
-
MD5
c182610dd437f90d0cc6cb0ac19cfdb7
-
SHA1
9729820748673938e057ce74d007b758f6f9b195
-
SHA256
9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
-
SHA512
618bb4559c36eec0b8e3552c16b94b0060d68186b9864ca6670d8a17225088a69a498a367a226f5944a3b7d79a61565cd7123e27001053000b6d42d86352051a
Score10/10-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-