Extracted

Extracted

• • Target

    469f8d17cdcd46cd23ab807ba3305a888d0e2c801fa7c6499b0f719444d71bd3

  • Size

    366KB

  • MD5

    6e8553bd03e63431388120b6a772e1ee

  • SHA1

    ab5ffbed5e461e453431a3ab1ea7019e555dee5f

  • SHA256

    469f8d17cdcd46cd23ab807ba3305a888d0e2c801fa7c6499b0f719444d71bd3

  • SHA512

    c3a6c27eb4d04f8afe42fb7f4f242e1c61a38f684556eda84925be75b94584aba0f7908a09050aeb03d308cdc238210054aef5bd3b37a9b30e29ce18ae037960

  Score

  10^/10

  teslacryptpersistenceransomwaresuricata

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2