Extracted

Extracted

• • Target

    4d23a9ea3868bbc64028ead54549f67d78ffbaebe823892b30f5f342a470f6d8

  • Size

    371KB

  • MD5

    2c5ed4b464979c52cc09368c97604f38

  • SHA1

    2db032be1a52a744190c3c8814f35977362ed45b

  • SHA256

    4d23a9ea3868bbc64028ead54549f67d78ffbaebe823892b30f5f342a470f6d8

  • SHA512

    d4b74607ed95b12868bcfddf2d1ec26fd6df7a13f59c6a200b6fcdadbfe3fbb3c7dbd09150fe8bd7129c87a7fac2dfe1fad26f9cbf13cec5de0f670b49e1a195

  Score

  10^/10

  teslacryptpersistenceransomwaresuricataspywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

    suricata

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2