Extracted

• • Target

    2019-12-18.bin

  • Size

    1.8MB

  • MD5

    057aad993a3ef50f6b3ca2db37cb928a

  • SHA1

    a57592be641738c86c85308ef68148181249bc0b

  • SHA256

    dd286a4d79d0f4c2b906073c7f46680252ca09c1c39b0dc12c92097c56662876

  • SHA512

    87c89027d60f80e99c526584fa093620b3f099151170362424ad78f5e4d7184bd9f2d627ec8463ca202127835f435dd4f85bf2b0d9351593c688855f0bbaffbb

  Score

  10^/10

  satancryptorransomwarespywarestealer

  • SatanCryptor

    Golang ransomware first seen in early 2020.

    ransomwaresatancryptor

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Deletes itself

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2