General
-
Target
1c.jpg
-
Size
1004KB
-
Sample
220427-cfpm9sbbgj
-
MD5
592b12b5a4d9beec0c8914fcb36a8f30
-
SHA1
ae094c72b8c774cd9e573e12500c0869ece074aa
-
SHA256
f02008f3656a77dcb5e4ca16153acfb649cf2717b1d60e58fe17073b452c6403
-
SHA512
54c1c96c03f114976b5ccd56382bb1edb315bf21feb40a887e046dff9f5e33cfa29238c6a35218a85ab757a24b51343dfc451d2114fd89f9cc1e8630f5fb5c5b
Static task
static1
Behavioral task
behavioral1
Sample
1c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\README1.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README2.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README3.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README4.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README5.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README6.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README7.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README8.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README9.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README10.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
-
-
Target
1c.jpg
-
Size
1004KB
-
MD5
592b12b5a4d9beec0c8914fcb36a8f30
-
SHA1
ae094c72b8c774cd9e573e12500c0869ece074aa
-
SHA256
f02008f3656a77dcb5e4ca16153acfb649cf2717b1d60e58fe17073b452c6403
-
SHA512
54c1c96c03f114976b5ccd56382bb1edb315bf21feb40a887e046dff9f5e33cfa29238c6a35218a85ab757a24b51343dfc451d2114fd89f9cc1e8630f5fb5c5b
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-