General
Target: e7927efd913a50c9d5885f2b39bbcfba576e1ecafa5679c58a0f613653c6651f.zip
Size: 511KB
Sample: 220522-fjkehaafel
MD5: c2687984537722fd10b62cb8e4e57dd1
SHA1: 572851c5b7f0cef4489f7476deb2d9bd4a2638e9
SHA256: e545dc8318489cae80e1d5b4f45b2c6d12d195db529fbebb8a135db4ac9300f3
SHA512: ffbd73f460fda5fa17dc6b35c5a621208fde92e750042641f9d09110b51be9f07ae1127de0291ed1191c8c2f5ea0f73ba70bc6be179ff54f86e41057a772b8e3
Static task: static1
Behavioral task: behavioral1
Sample: e7927efd913a50c9d5885f2b39bbcfba576e1ecafa5679c58a0f613653c6651f.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted:
- C:\Read_Me!_.txt
- FreedomTeam@mail.ee
- Freedom29@Tutanota.com
Targets
Target: e7927efd913a50c9d5885f2b39bbcfba576e1ecafa5679c58a0f613653c6651f.exe
Size: 1.1MB
MD5: a67baae890d64e81a3f0b250884c8521
SHA1: c41e3830637b1bf722d0dbd5a9207571f33e69d5
SHA256: e7927efd913a50c9d5885f2b39bbcfba576e1ecafa5679c58a0f613653c6651f
SHA512: e71a26b408a302a08a9e478d1c0f20a138b6b8ff9a564c8d4dbe3e504da3ca7cb7e29dea4878cc248fc82c575dab94951654a6f3c925b07a3b82b8782478bf23
Score: 10/10

Signatures
- Modifies Windows Firewall
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.