General
-
Target
f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.sample
-
Size
9KB
-
Sample
220512-kpb3jabfe5
-
MD5
04da21c104ea3e996c4fbdc496475743
-
SHA1
0231ea30add2fa0c06167c8929f8b523ef4d1356
-
SHA256
f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201
-
SHA512
918d4459e5e3741ac0eee222bf9e5e81365e7fd5a2a046f3e7e21ceb7788dd1c735ca895048ef04e8e1af49b6dc45cd1bb60b8bcb5caa49b51a148329899a73a
Static task
static1
Behavioral task
behavioral1
Sample
f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.sample
Score
8/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Drops desktop.ini file(s)
-