General
- Target: 01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
- Size: 384KB
- Sample: 220523-wg9vdahhd5
- MD5: 380623574a4955f0cc60f397669f9461
- SHA1: 39c1bfffe33b24053c54f66620a68b494d8a9d0e
- SHA256: 01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
- SHA512: d74ba7671937c9703b077765c3cfdda1b294227a227f4d6df5dc69dd60966c67c7a766b018ab58203003cb462c522475693d061f7ec0d1b5db3a2fc29418d2f4
Static task: static1
Behavioral task: behavioral1
- Sample: 01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
- Score: 10/10
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext