General
- Target: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.zip
- Size: 359KB
- Sample: 220521-jfe76adhgm
- MD5: c8e24c4c02bb7d342fe4123aea42eebd
- SHA1: 31684a3d37c889e4d502b688237da8ab2518e363
- SHA256: 7350798ef19a86e5abd526d6cacacc97091daededf5a934b310d68ef03613b4a
- SHA512: 66aa4c929ba09f19ae56c4e38195b1fbb635c87c65624da4bc9ca001e995bd107c14618c76e9d4ac83d43b8dc2165afaa1f5d88c5fa775f8cb3663fc0ff08ad3

Static task: static1

Behavioral task: behavioral1
- Sample: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
- Resource: win10v2004-20220414-en

Malware Config
Extracted
- C:\GET_YOUR_FILES_BACK.txt
- http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion
- http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets
- Target: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
- Size: 807KB
- MD5: 2163c068a10608bbc6d721dba25b0c47
- SHA1: 1ade2676a39dbf268929aafbd3f576fc4ab6a7e6
- SHA256: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182
- SHA512: 75b2a0650bec7e98470e2a0f14caa6b164d3d4dd2c70c68860e019f2ff9b23695f7a6a27eae4f794915fb624c96dc12902f642eb1acb32041b3d2a296899139b
- Score: 10/10

- Modifies boot configuration data using bcdedit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry