General
- Target: 0171a3c92acb9d038fb0c2ba5d581aa8e7044e38a92bb4e4461e32876ece1d32
- Size: 395KB
- Sample: 220523-yj3j7aggfn
- MD5: 2bea97aadb0a96d4af09f49e440c4093
- SHA1: 1d53250cc4ce4e4c283e811c1b1eec49a9c2bb91
- SHA256: 0171a3c92acb9d038fb0c2ba5d581aa8e7044e38a92bb4e4461e32876ece1d32
- SHA512: 71c45095bb43cb2f771f1bc9982bea2894c7cd5be56266aed4ff37a41911df163b7ac9030ba82ca7570c84b4c5fb9e07b3f91903d7cb16123993c11e4a795c88
Static task: static1
Behavioral task: behavioral1
- Sample: 0171a3c92acb9d038fb0c2ba5d581aa8e7044e38a92bb4e4461e32876ece1d32.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 0171a3c92acb9d038fb0c2ba5d581aa8e7044e38a92bb4e4461e32876ece1d32.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\_ReCoVeRy_+mctko.txt
- http://t54ndnku456ngkwsudqer.wallymac.com/4AB234A167D0AEEB
- http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/4AB234A167D0AEEB
- http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/4AB234A167D0AEEB
- http://xlowfznrg4wf7dli.onion/4AB234A167D0AEEB
Extracted from: C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\_ReCoVeRy_+mctko.html
Targets
- Target: 0171a3c92acb9d038fb0c2ba5d581aa8e7044e38a92bb4e4461e32876ece1d32 (size and hashes as listed under General)
Score: 10/10
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Drops startup file
- Adds Run key to start application