General

Target: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d
Size: 496KB
Sample: 220523-wj81vsdahn
MD5: 2e98cb0b054d374a1b14cf9d20de7b85
SHA1: 5a4753d785f853d690e9ff45abd90389656a8fa6
SHA256: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d
SHA512: 834922e5cdc3e1537a587c03d210f53b6f7630b746fd783266c3449963be8c65ddc6c54b2dd2f4c0a220a27d8830ce62fb25765cc279658b833c422d940a182a

Static task: static1

Behavioral task: behavioral1
Sample: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted from: C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\_ReCoVeRy_+nsiqb.txt
Payment URLs (all four carry the same path segment, 2617546C2FA525B):
http://t54ndnku456ngkwsudqer.wallymac.com/2617546C2FA525B
http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/2617546C2FA525B
http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/2617546C2FA525B
http://xlowfznrg4wf7dli.onion/2617546C2FA525B

Extracted from: C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\_ReCoVeRy_+nsiqb.html
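The hashes in the General section and the ransom-note paths and URLs in the extracted config are the parts of this report a responder actually reuses. The following Python is an added example, not part of the sandbox report or of any tooling the report describes: it verifies that a file on disk is the reported sample (all four listed digests must match, not just one), locates ransom notes by name on a mounted image, and pulls the payment hosts and the shared ID out of a note. Only the hashes, the file name `_ReCoVeRy_+nsiqb.txt`/`.html` and the four URLs come from the report; the five-letter suffix pattern, the minimum hex-ID length and the note body `SAMPLE_NOTE` are assumptions constructed for the example.

```python
"""Post-report triage helpers for the TeslaCrypt/AlphaCrypt sample above.

Added example, not part of the sandbox report. Two things a responder
usually does after reading a report like this one:

1. confirm that a file on disk really is the reported sample, by
   computing every hash the report lists and comparing all of them;
2. pull the payment URLs out of a ransom note on a victim host, check
   that they agree on one ID, and emit the hosts as blockable IOCs.

Only the hashes, the ransom-note file name and the four URLs come from
the report; the note body below is constructed for the example.
"""
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterator, List

# Hashes exactly as listed in the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "2e98cb0b054d374a1b14cf9d20de7b85",
    "sha1": "5a4753d785f853d690e9ff45abd90389656a8fa6",
    "sha256": "01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d",
    "sha512": (
        "834922e5cdc3e1537a587c03d210f53b6f7630b746fd783266c3449963be8c65"
        "ddc6c54b2dd2f4c0a220a27d8830ce62fb25765cc279658b833c422d940a182a"
    ),
}

# The report shows "_ReCoVeRy_+nsiqb.txt" and ".html"; the five-letter
# suffix is an assumption generalised from that single observed name.
NOTE_NAME_RE = re.compile(r"^_ReCoVeRy_\+[a-z]{5}\.(?:txt|html)$")

# Each URL in the report is http://<host>/<hex id>; match both the clearnet
# hosts and the .onion one, and capture the id separately. The 10-digit
# minimum is an assumption to avoid matching ordinary short paths.
PAYMENT_URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)/([0-9A-Fa-f]{10,})\b")

# Constructed note body for the example; only the URLs are the report's.
SAMPLE_NOTE = """\
Your files have been encrypted.
To get the decryption key, open one of these pages in your browser:
http://t54ndnku456ngkwsudqer.wallymac.com/2617546C2FA525B
http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/2617546C2FA525B
http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/2617546C2FA525B
If none of them work, use the Tor address:
http://xlowfznrg4wf7dli.onion/2617546C2FA525B
"""


def hash_all(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_sample(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match flags; a genuine match is all True, never a partial set."""
    actual = hash_all(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def is_ransom_note_name(name: str) -> bool:
    """True for file names that follow the report's _ReCoVeRy_+<suffix> pattern."""
    return NOTE_NAME_RE.match(name) is not None


def find_ransom_notes(root: Path) -> Iterator[Path]:
    """Walk a mounted image or share and yield every ransom note found by name."""
    for p in root.rglob("_ReCoVeRy_+*"):
        if p.is_file() and is_ransom_note_name(p.name):
            yield p


def extract_iocs(note_text: str) -> Dict[str, object]:
    """Payment URLs, their hosts, and the single ID they share (None if they disagree)."""
    urls: List[str] = []
    hosts: List[str] = []
    ids = set()
    for m in PAYMENT_URL_RE.finditer(note_text):
        urls.append(m.group(0))
        hosts.append(m.group(1).lower())
        ids.add(m.group(2).upper())
    uniq_hosts = sorted(set(hosts))
    return {
        "urls": urls,
        "hosts": uniq_hosts,
        "onion_hosts": [h for h in uniq_hosts if h.endswith(".onion")],
        # Every URL in the report carries the same ID; if a note disagrees
        # with itself, report None rather than guess.
        "victim_id": next(iter(ids)) if len(ids) == 1 else None,
    }


if __name__ == "__main__":
    import sys
    iocs = extract_iocs(SAMPLE_NOTE)
    print("ID:", iocs["victim_id"], "hosts:", ", ".join(iocs["hosts"]))
    if len(sys.argv) > 1:  # optional: path to the suspected sample
        flags = verify_sample(Path(sys.argv[1]).read_bytes())
        print("sample matches report:", all(flags.values()), flags)
```

Run it with the suspected sample's path as the only argument to get the hash comparison alongside the IOCs parsed from the constructed note; pass a real note's contents to `extract_iocs` and a mounted image root to `find_ransom_notes` when working an actual host. Requiring all four digests to agree guards against a truncated or transcription-damaged hash in a ticket being treated as a match.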
Targets

Target: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d
Size: 496KB
MD5: 2e98cb0b054d374a1b14cf9d20de7b85
SHA1: 5a4753d785f853d690e9ff45abd90389656a8fa6
SHA256: 01cb2bab3300bdb2fcd4d58f148046e8a60af6bce53cc511122bcaa47aff026d
SHA512: 834922e5cdc3e1537a587c03d210f53b6f7630b746fd783266c3449963be8c65ddc6c54b2dd2f4c0a220a27d8830ce62fb25765cc279658b833c422d940a182a
Score: 10/10

suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Drops startup file
- Adds Run key to start application