General
Target: Server.exe
Size: 22KB
Sample: 220405-lzlv6agdhp
MD5: f00e621c0adcf1a526c920158be62e81
SHA1: 8ff540d8472ef658725288442a54e392b9583efb
SHA256: f3097549c4c5d8fbe5bd6c18be10a56fd2485bb5d42aecf1c031236805fdefa8
SHA512: 352e5bb6d02e1a10bfe711cd90dd27545edcf8bb7d0b943c6c8cc1b667130fae514ff5d05fcf810e150fb0f36f888de2d5215e72fe9708c12f74a2e72e4ed366
Behavioral task
behavioral1
Sample: Server.exe
Resource: win10-20220331-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
f8782a013a20610e09216f21b705d856
reg_key: f8782a013a20610e09216f21b705d856
splitter: |'|'|
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target
Server.exe
Score: 10/10
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Sets desktop wallpaper using registry