General
-
Target
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
-
Size
62KB
-
Sample
220607-w4sjlscddq
-
MD5
131a20e9f579bc9f7dd9832b4c5f25bd
-
SHA1
83979db718962e3a0b45e5f70320fe5b4f009b7c
-
SHA256
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
-
SHA512
92e83892f635efb13d6f268ccab884b2079451a82a1e53a8482c632e126b14d3453c5ab17463d55b4cd2341d6b44034eb523867258932a9cd47deba435494f1c
Static task
static1
Behavioral task
behavioral1
Sample
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
hakbit
torsec1@secmail.pro
agarrard@protonmail.com
Targets
-
-
Target
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
-
Size
62KB
-
MD5
131a20e9f579bc9f7dd9832b4c5f25bd
-
SHA1
83979db718962e3a0b45e5f70320fe5b4f009b7c
-
SHA256
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
-
SHA512
92e83892f635efb13d6f268ccab884b2079451a82a1e53a8482c632e126b14d3453c5ab17463d55b4cd2341d6b44034eb523867258932a9cd47deba435494f1c
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix
Collection
Data from Local System
1Command and Control
Credential Access
Credentials in Files
1Discovery
Query Registry
1System Information Discovery
2Peripheral Device Discovery
1Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation