General
Target: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d
Size: 221KB
Sample: 220628-tbreqscce7
MD5: 844f623e73bfd1073d758dc1dd8edf73
SHA1: 84eda461be3f12af03ef7136f7855146178f1292
SHA256: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d
SHA512: 0d9b85b21bcf05e45722023e9e800d697c79e2a1d397747d601d1ef5a5b3eb739e552fd9c1bb1a8ea975cdb01e4bb2904483dc92088a4d9ae7e97361050b23b9
Static task: static1
Behavioral task: behavioral1
  Sample: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Users\Admin\Desktop\_HOWDO_text.html
  http://jhomitevd2abj3fk.tor2web.org/DGJW8S8N5B7UC6QC
  http://jhomitevd2abj3fk.onion/DGJW8S8N5B7UC6QC
Extracted from: C:\Users\Admin\Desktop\_HOWDO_text.html
  http://jhomitevd2abj3fk.tor2web.org/674IF7WC64K49B31
  http://jhomitevd2abj3fk.onion/674IF7WC64K49B31
Targets
Target: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d
Size: 221KB
MD5: 844f623e73bfd1073d758dc1dd8edf73
SHA1: 84eda461be3f12af03ef7136f7855146178f1292
SHA256: ecaf3c61c99e6d5a5bc4088f80e5baca08b69c0389142280836836b72a584e1d
SHA512: 0d9b85b21bcf05e45722023e9e800d697c79e2a1d397747d601d1ef5a5b3eb739e552fd9c1bb1a8ea975cdb01e4bb2904483dc92088a4d9ae7e97361050b23b9
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Sets desktop wallpaper using registry