General
Target: 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35
Size: 4.0MB
Sample: 220304-q8pevsgdgq
MD5: 976cac03f0462e192d4e3924cacf2c11
SHA1: 68c9977b3236967e1f64163b0f33aca49ce74abe
SHA256: 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35
SHA512: 98a83b8ba15e114d27da06eb8adf6bb28d340a15089c6a03ddbdf0ff5f510778bd4309fa8b59ca47d233dda38f54b6293557e598fd4f5df6df9da94707c301c9
Static task: static1
Behavioral task: behavioral1 (sample 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe, resource win7-20220223-en)
Behavioral task: behavioral2 (sample 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe, resource win10v2004-en-20220113)
Malware Config
Extracted from: C:\Program Files\7-Zip\JPjx_HOW_TO_DECRYPT.txt
Family: hive
URLs:
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35 (hashes as listed under General above)
Signatures:
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
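The four signatures above are behaviours a detection engineer would want to catch from endpoint telemetry rather than only from a sandbox verdict. The following is an added example, not code from the report or from the sandbox vendor: a small detector run over constructed Sysmon-style process-creation and file-rename records. The command lines in the sample records (bcdedit recovery settings, wevtutil cl, sc config of WinDefend), the list of services treated as security services, the rename threshold, and the ".locked" extension are all assumptions chosen to exercise each rule; the page does not show the real command lines or the extension this sample uses.

```python
"""Detection logic for the four sandbox signatures (added example, not from the report).

Events are constructed Sysmon-like dicts: process creation (image + command line)
and file renames (src + dst). Nothing here is taken from the sample's real behaviour.
"""
import ntpath
import re
from collections import Counter, defaultdict

# Constructed telemetry (assumption: shapes and command lines are illustrative only).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {default} recoveryenabled No"},
    {"type": "process", "pid": 4101, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"type": "process", "pid": 4102, "image": r"C:\Windows\System32\wevtutil.exe",
     "cmd": "wevtutil cl Security"},
    {"type": "process", "pid": 4103, "image": r"C:\Windows\System32\sc.exe",
     "cmd": "sc config WinDefend start= disabled"},
    {"type": "process", "pid": 4104, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": "notepad C:\\Users\\alice\\notes.txt"},  # benign control
    # twelve renames by one process to a single new extension (assumption: ".locked")
    *[{"type": "rename", "pid": 4200,
       "src": f"C:\\Users\\alice\\Documents\\f{i}.docx",
       "dst": f"C:\\Users\\alice\\Documents\\f{i}.docx.locked"} for i in range(12)],
    # one benign rename that must not trip the mass-rename rule
    {"type": "rename", "pid": 4300, "src": r"C:\Users\alice\a.txt", "dst": r"C:\Users\alice\a.bak"},
]

# Assumption: a short watch-list of Defender / firewall / security-center service names.
SECURITY_SERVICES = {"windefend", "sense", "mpssvc", "wscsvc"}
# bcdedit settings that disable Windows recovery, a common ransomware pre-encryption step.
BCDEDIT_RE = re.compile(r"recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures", re.I)
# wevtutil "cl"/"clear-log" as the first argument after the image name.
WEVTUTIL_RE = re.compile(r"^\S+\s+(cl|clear-log)\b", re.I)


def _basename(path):
    return ntpath.basename(path).lower()


def _ext(path):
    return ntpath.splitext(path)[1].lower()


def check_process(ev):
    """Return the signature name a process-creation event triggers, or None."""
    image = _basename(ev["image"])
    cmd = ev["cmd"]
    tokens = [t.lower() for t in cmd.split()]
    if image == "bcdedit.exe" and BCDEDIT_RE.search(cmd):
        return "Modifies boot configuration data using bcdedit"
    if image == "wevtutil.exe" and WEVTUTIL_RE.search(cmd):
        return "Clears Windows event logs"
    if (image in ("sc.exe", "net.exe")
            and any(t in ("config", "stop", "delete") for t in tokens)
            and any(t in SECURITY_SERVICES for t in tokens)):
        return "Modifies security service"
    return None


def analyze(events, rename_threshold=10):
    """Run every rule over the event stream; return (signature, pid, detail) tuples."""
    findings = []
    renames = defaultdict(Counter)  # pid -> Counter of new extensions written
    for ev in events:
        if ev["type"] == "process":
            sig = check_process(ev)
            if sig:
                findings.append((sig, ev["pid"], ev["cmd"]))
        elif ev["type"] == "rename":
            new_ext = _ext(ev["dst"])
            # only count renames that actually change the extension
            if new_ext and new_ext != _ext(ev["src"]):
                renames[ev["pid"]][new_ext] += 1
    # mass rename to one new extension by a single process => encryption-like behaviour
    for pid, counter in renames.items():
        new_ext, n = counter.most_common(1)[0]
        if n >= rename_threshold:
            findings.append(("Modifies extensions of user files", pid,
                             f"{n} files renamed to *{new_ext}"))
    return findings


if __name__ == "__main__":
    for sig, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{sig:48} pid={pid} {detail}")
```

The per-process rename counter is what separates encryption from a user renaming a handful of files: the threshold and the watch-list of service names are the two knobs to tune against a given environment's baseline.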