Extracted

Extracted

• • Target

    4168dd01b2806c36a6895f1d41eb7bf2670304df3f69e16d080894781853041e

  • Size

    384KB

  • MD5

    2a03d5b3379984537f432ba89f1a5677

  • SHA1

    0cc44ac0df32264814331934c92300836ecf9d08

  • SHA256

    4168dd01b2806c36a6895f1d41eb7bf2670304df3f69e16d080894781853041e

  • SHA512

    3ee71379dc94c5537d2fd6ddf3f18e416385bb169f8c38a65f1c4bcec180c8bba0ba2eb4237fdf4f05602947dc92d29542cf30f0c75caccf05645a071f22bd8d

  Score

  10^/10

  teslacryptpersistenceransomwaresuricataspywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2