General
Target: 560c2b56abc7854631568fda3564a898927a840cf0f65e21e192c7159b9b97c5
Size: 334KB
Sample: 220725-grthtahhcn
MD5: 297d424347e669aa6e1ba055008f83f7
SHA1: a80df965e8346b04f254bd965091a9279a0076ed
SHA256: 560c2b56abc7854631568fda3564a898927a840cf0f65e21e192c7159b9b97c5
SHA512: 0bb9d1ed58af93aa372c7c62179505bae1a1305006dc2b65cd36d5d0bce4c9774baf71ed19ca849dc1d3f85bc3e3e533aa0e756e8f85c76c28a3ddf5445d6cf6
Static task: static1
Behavioral task: behavioral1
  Sample: 560c2b56abc7854631568fda3564a898927a840cf0f65e21e192c7159b9b97c5.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 560c2b56abc7854631568fda3564a898927a840cf0f65e21e192c7159b9b97c5.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-335065374-4263250628-1829373619-1000\Recovery+cojbh.txt
http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/50EEE69D6322F6C3
http://b4youfred5485jgsa3453f.italazudda.com/50EEE69D6322F6C3
http://5rport45vcdef345adfkksawe.bematvocal.at/50EEE69D6322F6C3
http://fwgrhsao3aoml7ej.onion/50EEE69D6322F6C3
http://fwgrhsao3aoml7ej.ONION/50EEE69D6322F6C3
Targets
Score: 10/10
Signatures:
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Drops startup file
- Adds Run key to start application