General
Target: YourCyanide.bat
Size: 110KB
Sample: 220523-x36khsgagj
MD5: ec021aca2f2a3b5725e0e28dd5d43578
SHA1: 879d5e39d279cb39773d55dbf75130bee2c61a55
SHA256: 59206d147fdb9aa0b350d1d5e68cf2c041ffbc85f544a041dd153d407abd2db4
SHA512: 91ebd89588caa0fc9a7bc43cfc06f48b021e4054002701619ee8a76cd407d503100c8ef9e1809120b9970c154a0f74992c393e7f5955058f5889e0a82249c8ad
Static task: static1
Behavioral task: behavioral1
Sample: YourCyanide.bat
Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Users\Admin\Desktop\YcynNote.txt
Contact address in note: yourcyanide.help@gmail.com
Targets
Target: YourCyanide.bat
Score: 10/10
suricata: ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Blocklisted process makes network request.
- Disables Task Manager via registry modification.
- Modifies Windows Firewall.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.