General
- Target: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627
- Size: 328KB
- Sample: 220523-vb7mdsfee5
- MD5: 49e661c0dc68d12354441a1cd7c4f53d
- SHA1: c357b67342ae3ca24c2c58056df84cd502fcc78f
- SHA256: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627
- SHA512: e765509c72b35a516364d42c80671a0ccd89ecdc7993bec2c48c3f798a969800799d52f17cbecca0bbbcb12c32835e3135ac74647408d4f0a7de75cccded22f4
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627.exe
  - Resource: win10v2004-20220414-en
Malware Config
- Extracted from: C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\Recovery+uoldn.txt
- URLs:
  - http://ytrest84y5i456hghadefdsd.pontogrot.com/A5311DBB5BA9152
  - http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/A5311DBB5BA9152
  - http://5rport45vcdef345adfkksawe.bematvocal.at/A5311DBB5BA9152
  - http://xlowfznrg4wf7dli.onion/A5311DBB5BA9152
  - http://xlowfznrg4wf7dli.ONION/A5311DBB5BA9152
Targets
- Target: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627
- Size: 328KB
- MD5: 49e661c0dc68d12354441a1cd7c4f53d
- SHA1: c357b67342ae3ca24c2c58056df84cd502fcc78f
- SHA256: 020730d7f7fe8cf01da0cc9dc855b6dd236a6bad5ce63993dd5592560362b627
- SHA512: e765509c72b35a516364d42c80671a0ccd89ecdc7993bec2c48c3f798a969800799d52f17cbecca0bbbcb12c32835e3135ac74647408d4f0a7de75cccded22f4
- Score: 10/10

Signatures
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Adds Run key to start application