General
Target: b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8.zip
Size: 225KB
Sample: 220706-jy9vgsadgp
MD5: 70f984d290dec4e9dcf9c0f4e7f2884d
SHA1: 9022e3c0fecbd1b9db2bbe5bce9616ce5bfac59e
SHA256: 350a0de26d6e4d0e5dc3c9b83d61e1a38ea5688a81c2c7922bfa2f6f8bc12127
SHA512: 1cc1eead273ef307a569213ae731b3afc1016dfeb5086086754dae46a128c1d43cd3666798d53c97b9995fbd95abab697e9664f36269b34e60849f9504a46a55
Static task: static1
Behavioral task: behavioral1
  Sample: b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (ransom note)
  Path: C:\Users\Admin\AppData\Local\Temp\#HOW_TO_DECRYPT#.txt
  URLs:
    https://icq.com/windows/
    https://icq.im/RicardoMilosGachimuchi
Targets
Target: b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8
Size: 228KB
MD5: 707c69692402945982492eede5c829ca
SHA1: 1e2da40c770722385982f6f0a49a4920f69870ba
SHA256: b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8
SHA512: 5373029d7fad0c36c0f7dfeaafddaf869c7f5f53d07b4b81e0af7a32764a7fd24299bdb05ea000efdc6c840b6e5f19613315fa1185d19161d7342a4b065e8164
Score: 10/10
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Modifies file permissions
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
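The behaviours flagged above map directly onto telemetry a detection engineer can score without relying on the sample's hashes. The script below is an added example, not part of the sandbox report or of the sample, and it runs over constructed events rather than the report's own trace. It assumes a normalised EDR/Sysmon-style feed of (pid, image, operation, path) records; the Geo\Nation registry value, the Run-key value name, the ".locked" extension and the three-file rename threshold are all assumptions, since the report names none of them. The ransom-note filename and the "non-C: root" heuristic come from the report itself. "Deletes itself" and "Modifies file permissions" are not modelled because the report does not say how they were performed.

```python
"""Score a process against the ransomware behaviours listed in the sandbox report.

Example code, not from the report or the sample. Input is a constructed,
normalised telemetry feed; see the assumptions noted inline.
"""
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed threshold: this many distinct files renamed to one new extension
# counts as "Modifies extensions of user files".
RENAME_THRESHOLD = 3


@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    op: str                      # RegQueryValue | RegSetValue | FileCreate | FileRename | DirList
    path: str
    new_path: Optional[str] = None   # destination for FileRename only


MAL = r"C:\Users\Admin\AppData\Local\Temp\b236068ab96144198a99444a0c8c4ea42e8cde9667e56e8e1402de8a4030ebe8.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events (not the sandbox's trace). Registry paths, value
# names and the ".locked" extension are assumptions for illustration.
EVENTS: List[Event] = [
    Event(4120, MAL, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(4120, MAL, "RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"),
    Event(4120, MAL, "DirList", r"D:\\"),
    Event(4120, MAL, "FileCreate", r"D:\desktop.ini"),
    Event(4120, MAL, "FileRename", r"C:\Users\Admin\Documents\q3.xlsx",
          r"C:\Users\Admin\Documents\q3.xlsx.locked"),
    Event(4120, MAL, "FileRename", r"C:\Users\Admin\Pictures\cat.jpg",
          r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    Event(4120, MAL, "FileRename", r"C:\Users\Admin\Desktop\notes.txt",
          r"C:\Users\Admin\Desktop\notes.txt.locked"),
    Event(4120, MAL, "FileCreate", r"C:\Users\Admin\AppData\Local\Temp\#HOW_TO_DECRYPT#.txt"),
    # Benign activity from explorer.exe: one rename and a listing under C:.
    Event(900, EXPLORER, "FileRename", r"C:\Users\Admin\Documents\draft.txt",
          r"C:\Users\Admin\Documents\draft.md"),
    Event(900, EXPLORER, "DirList", r"C:\Users\Admin"),
]


def _ext(path: str) -> str:
    return ntpath.splitext(path)[1].lower()


def _is_non_c_root(path: str) -> bool:
    """True for the root of any drive other than C: (e.g. 'D:\\')."""
    drive, rest = ntpath.splitdrive(path)
    return drive.upper() not in ("", "C:") and rest.strip("\\") == ""


def triage(events: List[Event]) -> Dict[int, dict]:
    """Return, per pid, the image name and the sorted list of behaviour names hit."""
    per_pid: Dict[int, List[Event]] = defaultdict(list)
    for e in events:
        per_pid[e.pid].append(e)

    findings: Dict[int, dict] = {}
    for pid, evs in per_pid.items():
        hits = set()
        renamed_to: Dict[str, set] = defaultdict(set)   # new extension -> source files
        for e in evs:
            p = e.path.lower()
            if e.op == "RegSetValue" and "\\currentversion\\run\\" in p:
                hits.add("Adds Run key to start application")
            elif e.op == "RegQueryValue" and "\\international\\geo\\" in p:
                hits.add("Checks computer location settings")
            elif e.op == "FileCreate":
                name = ntpath.basename(p)
                if name == "desktop.ini":
                    hits.add("Drops desktop.ini file(s)")
                if name == "#how_to_decrypt#.txt":
                    hits.add("Drops ransom note")
            elif e.op == "FileRename" and e.new_path and _ext(e.new_path) != _ext(e.path):
                renamed_to[_ext(e.new_path)].add(e.path)
            elif e.op == "DirList" and _is_non_c_root(e.path):
                hits.add("Enumerates connected drives")
        if any(len(files) >= RENAME_THRESHOLD for files in renamed_to.values()):
            hits.add("Modifies extensions of user files")
        findings[pid] = {"image": evs[0].image, "hits": sorted(hits)}
    return findings


if __name__ == "__main__":
    for pid, info in triage(EVENTS).items():
        print(pid, info["image"], info["hits"])
```

The mass-rename rule keys on a single new extension shared across files, which separates an encryptor from a user renaming one document; tune RENAME_THRESHOLD to the noise level of the environment, and treat the ransom-note name as a sample-specific indicator rather than a general rule.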