General

Target: c94a81fdf688d220827320e88cc0b89af8690142abe5c602131b6659297c7d24.exe
Size: 308KB
Sample: 220410-d9b5psggb3
MD5: 75a6690d9a4a89bd0cf6ceebcffd3c41
SHA1: 678ddaaaa14fcd7b90bfa2b673221378e032fdbf
SHA256: c94a81fdf688d220827320e88cc0b89af8690142abe5c602131b6659297c7d24
SHA512: 37273a97459d3624e77c8b586acbed6836a88d9c4975625a654f55eccdabeb9d4dcd55598779ec7bfe3e682e725597468ef59fee9e18263a3a00c86bf962e526

Static task: static1

Behavioral task: behavioral1
Sample: c94a81fdf688d220827320e88cc0b89af8690142abe5c602131b6659297c7d24.exe
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: c94a81fdf688d220827320e88cc0b89af8690142abe5c602131b6659297c7d24.exe
Resource: win10v2004-20220310-en

Malware Config
Extracted
C:\How To Restore Your Files.txt
1E6cvG6iEbufvYspsDa3XQ3WJgEMvRTm9i
Targets
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.