General
-
Target
f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.zip
-
Size
112KB
-
Sample
220708-l97klsdfh3
-
MD5
4a20c7e2d55cc406d7e2e075b43223ac
-
SHA1
834a8abc21c5196b913dd39b3958d1700d5df2f0
-
SHA256
ec704de00a60797b2ecc3be32cf7a58ed5d681a2c07e39c26f1302d243aa49cf
-
SHA512
2ff4fc1728060921e01ba2fc152aadda4e43dae9fc7fb471a55dcda736435e9426f39ea5e98d4bc19ad2b2c448d8b92710b1ba3ffe040cdf992a2c8744d8f087
Static task
static1
Behavioral task
behavioral1
Sample
f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Restore_Your_Files.txt
https://tox.chat/
http://yeuajcizwytgmrntijhxphs6wn5txp2prs6rpndafbsapek3zd4ubcid.onion
Targets
-
Target
f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.exe
-
Size
235KB
-
MD5
b7a182db3ba75e737f75bda1bc76331a
-
SHA1
cf0fe28214ad4106c48ec5867327319eaa82b3c3
-
SHA256
f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5
-
SHA512
5e8d7f65ae231020056a3940d3ca31546986a6130a7956374edc0bc4f139f66f467bf27b66b5cdff73f52dc48ad00f84a9a618fec6db2727c61c44807fb650e8
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-