General
-
Target
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
-
Size
750KB
-
Sample
220520-ljx89acgdp
-
MD5
0f081afaae11c154edb8df747d612f93
-
SHA1
7b1478e64453d78ff60eda7b1d2cc3623d4a9210
-
SHA256
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
-
SHA512
4b76bd14bcdf5a5e0a73fe630dc430968d59a7c132b00cb9e12674ff6d6472a726b5ed7796fa1481eb7e7b2aacdbc356a3b028c2b3eb2cbd13af1650f3d20628
Static task
static1
Behavioral task
behavioral1
Sample
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt
uncrushman@protonmail.com
Targets
Score
10/10
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Generic Ransomware Note
Ransomware often writes a note containing information on how to pay the ransom.
-