General
Target: Taleb.Ransom.exe
Size: 10.8MB
Sample: 220325-hsddnafgel
MD5: ac09b7550eda13e03a55448fd8367e2d
SHA1: 8266a12669a4a3952cb9af86e75ed74c27c71013
SHA256: 4b78968928cfa5437ffdd56a39a5ea8c10a7b6dc5d3f342d003260088876b3cf
SHA512: 44cace3038bd96fa36a9d3b16251573f625f5e7cb53f0233d87f6e8ab564e731bd8719088feec44f47a460c0a096b964c2c0e77f3f1c371b773e66407aef5d29
Static task: static1
Behavioral task: behavioral1
Sample: Taleb.Ransom.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: Taleb.Ransom.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
C:\Decryption-Guide.txt
Folperdock@gmail.com
Targets
Target: Taleb.Ransom.exe
Score: 10/10

Modifies Installed Components in the registry

Modifies Windows Firewall

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Drops desktop.ini file(s)

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.

Drops file in System32 directory