General
-
Target
0243ddd90fb70d1a7a6714bce75072254cde9bdb8c36ed2271b49a9aa190d9d5
-
Size
272KB
-
Sample
220305-3b7w6abccm
-
MD5
ab1aaa8f96c61684736da00ece5a9c83
-
SHA1
c41435392d0759af778dd24ea303136b02469123
-
SHA256
0243ddd90fb70d1a7a6714bce75072254cde9bdb8c36ed2271b49a9aa190d9d5
-
SHA512
ba25c53c7b5aeea57cde0540071292a7f1b77557ba72119f5fbdf95e840b04e994c81a4a7248375c272eeb34ebe3f41f5ae7f0acc0d3fece477634e6caf28515
Static task
static1
Behavioral task
behavioral1
Sample
0243ddd90fb70d1a7a6714bce75072254cde9bdb8c36ed2271b49a9aa190d9d5.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0243ddd90fb70d1a7a6714bce75072254cde9bdb8c36ed2271b49a9aa190d9d5.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\7358kd+readme.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/08D920D8768424D0
http://decryptor.cc/08D920D8768424D0
Extracted
C:\010344hf8+readme.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6F390513D8EA2141
http://decryptor.cc/6F390513D8EA2141
Targets
-
-
Target
0243ddd90fb70d1a7a6714bce75072254cde9bdb8c36ed2271b49a9aa190d9d5
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-