General
- Target: 369a4f163bf5552d238f52607c828c105645d29d6f2446363cdfec118f9ea412
- Size: 3.1MB
- Sample: 220626-cfspxsegf4
- MD5: 6a85d0ba4d1db63d390b7a071d60e0ef
- SHA1: 79a32ee067e19b43bc3f29fde3a3ff95986f8e2e
- SHA256: 369a4f163bf5552d238f52607c828c105645d29d6f2446363cdfec118f9ea412
- SHA512: 16a97e39d6a373c3eb7140c93fd61afd12a7569d262ee67a47ac548cffc5735379dee85ba68dabb9a0aa768e5505fe6a451fd08aae68006aa1962b2861c8a6ce
Static task: static1
Behavioral task: behavioral1
- Sample: 369a4f163bf5552d238f52607c828c105645d29d6f2446363cdfec118f9ea412.exe
- Resource: win7-20220414-en
Malware Config (extracted)
- Ransom note path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\HOW-TO-DECRYPT.TXT
- Contact e-mail: CobraLocker@mail2tor.com
- URL: http://mail2tor2zyjdctd.onion/
Targets
- Target: 369a4f163bf5552d238f52607c828c105645d29d6f2446363cdfec118f9ea412 (3.1MB; hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Possible privilege escalation attempt
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Modifies file permissions
- Suspicious use of NtSetInformationThreadHideFromDebugger