General
-
Target
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6.bin
-
Size
1.5MB
-
Sample
220716-vdzpkadhdq
-
MD5
60ed30bea0f9e2db5cc1f45241c7473c
-
SHA1
62b33edc9682bc780bc68d34ae7b19eaf429e42d
-
SHA256
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6
-
SHA512
e746f0e3e37bc1c8d8a30f9e9e01cb0ab3d95e0338a1cfde78f5442b5492c8427addf0e732264fd3b4d775b2c148ba336b0269d4e194a816a97e1bebc57b7802
Static task
static1
Behavioral task
behavioral1
Sample
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Restore-My-Files.txt
darkylock
1E6cvG6iEbufvYspsDa3XQ3WJgEMvRTm9i
Targets
-
-
Target
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6.bin
-
Size
1.5MB
-
MD5
60ed30bea0f9e2db5cc1f45241c7473c
-
SHA1
62b33edc9682bc780bc68d34ae7b19eaf429e42d
-
SHA256
fc28d2eaee1fd3416fe3e0cd4669df3ac178c577e3a8c386b1c34c3146afb8d6
-
SHA512
e746f0e3e37bc1c8d8a30f9e9e01cb0ab3d95e0338a1cfde78f5442b5492c8427addf0e732264fd3b4d775b2c148ba336b0269d4e194a816a97e1bebc57b7802
Score10/10-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-