General
-
Target
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
-
Size
3.3MB
-
Sample
220306-hmdggabhgn
-
MD5
d18bf81dbc8acce488abd633d8058cf5
-
SHA1
1d6dcade355b4867e9435961655a9b9caa373528
-
SHA256
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
-
SHA512
10a6b3994b1b0d37c9f3833e700baded6b89b0162078442b4de5a9747c23027d8943016c5941ba2e530ee5263b87c31a7714aa7bcb5051e5d63cf0a3cd88756f
Static task
static1
Behavioral task
behavioral1
Sample
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
Extracted
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
Targets
-
-
Target
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
-
Size
3.3MB
-
MD5
d18bf81dbc8acce488abd633d8058cf5
-
SHA1
1d6dcade355b4867e9435961655a9b9caa373528
-
SHA256
4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
-
SHA512
10a6b3994b1b0d37c9f3833e700baded6b89b0162078442b4de5a9747c23027d8943016c5941ba2e530ee5263b87c31a7714aa7bcb5051e5d63cf0a3cd88756f
Score10/10-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-