General
Target: moavjcbg.exe
Size: 87KB
Sample: 220520-mb9gzsdcbr
MD5: fee171fbd4ec2ef64bd04567a80df805
SHA1: 2db3c49ec6151c1a3c98a7b92006629741b403b5
SHA256: 9146be1fc85a94880644670cbf63545efb6db43516d79f42a8792342f684a5ca
SHA512: c66a675706a5c06202366ad6ef2a64bb82d033037447bd212ef479694d26ce040874a65a48f6f9af04af87a5bf1c45696fc2806e5095dac91d3d3b189401712c
Static task: static1
Behavioral task: behavioral1
Sample: moavjcbg.dll
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: moavjcbg.dll
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: moavjcbg.exe
Score: 8/10
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Suspicious use of SetThreadContext