General
-
Target
7625526185.zip
-
Size
721KB
-
Sample
220629-r9bqtsadcn
-
MD5
42af59f047b6cfc2bbbf814b19749326
-
SHA1
9cb91c4848ecbf71341364ba4303787479c99b93
-
SHA256
757a5f325f85b93bd7aaaf286ed25105a357fd867bd13648005fdfce60e10ef2
-
SHA512
6bbdb6019c9c37189cb173af6bff253084ec02f8f16ceef92475caa85bd43fda5d26bc4967ceb55ce71a9852b7af5bd30ad7b3802e21fbe267d05dbf62adda68
Static task
static1
Behavioral task
behavioral1
Sample
cf3bdf0f8ea4c8ece5f5a76524ab4c81fea6c3a1715b5a86b3ad4d397fca76f3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cf3bdf0f8ea4c8ece5f5a76524ab4c81fea6c3a1715b5a86b3ad4d397fca76f3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\How To Restore Your Files.txt
astralocker2@tutanota.com
Targets
-
-
Target
cf3bdf0f8ea4c8ece5f5a76524ab4c81fea6c3a1715b5a86b3ad4d397fca76f3
-
Size
875KB
-
MD5
f1dd01a9e4b959e569250354d74e0423
-
SHA1
7e2e524fd33261449571f1334868b17ef46e550d
-
SHA256
cf3bdf0f8ea4c8ece5f5a76524ab4c81fea6c3a1715b5a86b3ad4d397fca76f3
-
SHA512
d878f63456abdc4a67abd0bd208faf1e77c6baf470f84afa345c6c013f519fc4cff10ae5b3cd700e5fabf11fee3c7e1b357d81e89f7c8c09ce9ef53c99d76202
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-