General
Target: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
Size: 4.7MB
Sample: 220524-z6d1sageb8
MD5: d2654d7085cfa021953f9a42c8057bba
SHA1: e86ad4024e568938ca94454f00d04a9303f5f7af
SHA256: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
SHA512: 2767f4ab916d58a0700d1df4933f6b8edb7d6e54ec9920a6b228ae1c130563942dbf4828e7ca9066fa71f1f195047a3b78a38e63ef67a0d8232f1599d4f00ea3
Static task: static1
Behavioral task: behavioral1
  Sample: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
zebrocy
Windows XP Professional x64 Edition
Targets
Target: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
Size: 4.7MB
MD5: d2654d7085cfa021953f9a42c8057bba
SHA1: e86ad4024e568938ca94454f00d04a9303f5f7af
SHA256: 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
SHA512: 2767f4ab916d58a0700d1df4933f6b8edb7d6e54ec9920a6b228ae1c130563942dbf4828e7ca9066fa71f1f195047a3b78a38e63ef67a0d8232f1599d4f00ea3
Score: 10/10
suricata: ET MALWARE Possible Satan Cryptor GeoIP Lookup
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Drops startup file
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
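Two of the behaviour signatures in this report (extension changes on user files, and an external IP lookup over HTTP) can be reproduced as simple heuristics over sandbox events. The Python below is an added example and is not the report's or the sandbox's own rule code: the event record format, the five-file threshold, the list of user-profile directories and the list of IP-lookup hosts are all assumptions, and the events it runs over are constructed for the example.

```python
"""Behaviour heuristics for two sandbox signatures: mass extension changes on
user files, and an HTTP request to a public IP-lookup service.

Added example, not the report's or the sandbox's own rule code. Event format,
thresholds, directory list and host list are assumptions; events are constructed.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed: hosts commonly queried by malware to learn the machine's public IP.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ipinfo.io", "ip-api.com",
    "checkip.dyndns.org", "ifconfig.me",
}

# Assumed: profile subdirectories whose contents ransomware typically encrypts.
USER_DIRS = ("Desktop", "Documents", "Pictures", "Downloads")


def is_user_file(path: str) -> bool:
    """True for paths like C:\\Users\\<name>\\Documents\\..."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 3 and parts[1].lower() == "users" and parts[3] in USER_DIRS


def detect_extension_changes(events, min_files=5):
    """Return {pid: (count, {new extensions})} for every process that renamed
    at least `min_files` user files to a different extension."""
    per_pid = defaultdict(lambda: [0, set()])
    for ev in events:
        if ev["type"] != "rename" or not is_user_file(ev["src"]):
            continue
        src, dst = PureWindowsPath(ev["src"]), PureWindowsPath(ev["dst"])
        if src.suffix.lower() == dst.suffix.lower():
            continue  # plain rename, extension unchanged
        rec = per_pid[ev["pid"]]
        rec[0] += 1
        rec[1].add(dst.suffix.lower())
    return {pid: (n, exts) for pid, (n, exts) in per_pid.items() if n >= min_files}


def detect_external_ip_lookup(events):
    """Return (pid, host) pairs for HTTP requests to a known IP-lookup service."""
    return [(ev["pid"], ev["host"].lower()) for ev in events
            if ev["type"] == "http" and ev["host"].lower() in IP_LOOKUP_HOSTS]


def triage(events):
    """Run both heuristics and return their findings keyed by signature name."""
    return {
        "modifies_user_file_extensions": detect_extension_changes(events),
        "external_ip_lookup": detect_external_ip_lookup(events),
    }


# Constructed sandbox-style events: one process (pid 1234) looks up its public
# IP and then appends ".locked" to five files under the user's Documents folder.
SAMPLE_EVENTS = [{"type": "http", "pid": 1234, "host": "api.ipify.org"}]
for _name in ("q1.xlsx", "report.docx", "photo.jpg", "notes.txt", "budget.pdf"):
    SAMPLE_EVENTS.append({
        "type": "rename", "pid": 1234,
        "src": rf"C:\Users\bob\Documents\{_name}",
        "dst": rf"C:\Users\bob\Documents\{_name}.locked",
    })
SAMPLE_EVENTS += [
    # benign rename by another process: extension unchanged
    {"type": "rename", "pid": 555, "src": r"C:\Users\bob\Desktop\new.txt",
     "dst": r"C:\Users\bob\Desktop\notes.txt"},
    # extension change outside the user profile: not counted
    {"type": "rename", "pid": 1234, "src": r"C:\Windows\Temp\x.tmp",
     "dst": r"C:\Windows\Temp\x.locked"},
    {"type": "http", "pid": 777, "host": "update.example.com"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The threshold keeps a single legitimate "save as" from firing the signature; the IP-lookup match is on host name only, so a sample that resolves the service by raw IP would need the corresponding address list added.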