General
Target: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b
Size: 1.3MB
Sample: 220523-wxc6caagd8
MD5: cd8e122ae4c4f2ccdd11ce0bba190e4d
SHA1: 15101b8db966adfd4c533778123b5484bd5bda96
SHA256: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b
SHA512: 3cbbd84dd925c80b86ef296bbe69b5a8c11d23d2c954c4b6854d8635066808a9aa34b0af7572311f3277d7af5dab8ec75befd9ea42ce6711adc3679819b37b65
Static task: static1
Behavioral task: behavioral1
  Sample: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\README1.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README2.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README3.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README4.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README5.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README6.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README7.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README8.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README9.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Extracted: C:\README10.txt
  pilotpilot088@gmail.com
  http://cryptsen7fo43rr6.onion/
  http://cryptsen7fo43rr6.onion.to/
  http://cryptsen7fo43rr6.onion.cab/
Targets
Target: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b
Size: 1.3MB
MD5: cd8e122ae4c4f2ccdd11ce0bba190e4d
SHA1: 15101b8db966adfd4c533778123b5484bd5bda96
SHA256: 01ba112a401a66b2517c6a68fde732ab1215a94e01825a4f3298031b2242756b
SHA512: 3cbbd84dd925c80b86ef296bbe69b5a8c11d23d2c954c4b6854d8635066808a9aa42ce6711adc3679819b37b65
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Sets desktop wallpaper using registry