General
-
Target
57fb34c7c1d317c6652c4dd3ca40ccb00aaa9c65896bd5233d3e0db3060e63a4
-
Size
460KB
-
Sample
220523-v6dmssccfk
-
MD5
01df98710946a7e0b872b8cb0a2c9f5b
-
SHA1
4d7538967b15b1b6b9780781f96d5eb34f85ebae
-
SHA256
57fb34c7c1d317c6652c4dd3ca40ccb00aaa9c65896bd5233d3e0db3060e63a4
-
SHA512
89ababacb832056e70d88c755a919ae5d6ef49801a518d3e09a7cb6ef39ee9894c522161a5f3e7fd7d71c074d521760f20b88fafb19972aada98c5753560daeb
Static task
static1
Behavioral task
behavioral1
Sample
57fb34c7c1d317c6652c4dd3ca40ccb00aaa9c65896bd5233d3e0db3060e63a4.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
57fb34c7c1d317c6652c4dd3ca40ccb00aaa9c65896bd5233d3e0db3060e63a4.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
57fb34c7c1d317c6652c4dd3ca40ccb00aaa9c65896bd5233d3e0db3060e63a4
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-