General
-
Target
3bc8ce79ee7043c9ad70698e3fc2013806244dc5112c8c8d465e96757b57b1e1.exe
-
Size
48KB
-
Sample
220907-pqxg3scag6
-
MD5
48c0edeea7a6fda6646c3cdb9630a964
-
SHA1
18c1dfe6e5e401d4fb4f309af2daae166816bd97
-
SHA256
3bc8ce79ee7043c9ad70698e3fc2013806244dc5112c8c8d465e96757b57b1e1
-
SHA512
969b44e9d5e53a3f82767e9bd67ff47b85f3b53318d6ceb2cc03d4a7d255161b752f87220bfbccce954810a948b34626f0bdda30ede289a0569e7f8e18ab533c
-
SSDEEP
768:9zsfaMDiZ2oq65co7Bjd/3oqab0k3RW2X0oj+cykcN:9zFMq2o4qFoqaXiu+nkc
Static task
static1
Behavioral task
behavioral1
Sample
3bc8ce79ee7043c9ad70698e3fc2013806244dc5112c8c8d465e96757b57b1e1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3bc8ce79ee7043c9ad70698e3fc2013806244dc5112c8c8d465e96757b57b1e1.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Public\Documents\RGNR_B748E028.txt
ragnarlocker
https://prnt.sc/s5g6gr
https://prnt.sc/s5g79t
https://prnt.sc/s5gkxh
http://p6o7m73ujalhgkiv.onion/temporary-de-page-424/
http://stppd5as5x4hxs45.onion/client/?0dFE0B7BAA7C7801ddd746B1DC5ad44bAD82Fc0f77DAC01bD3cf3D2D9deB94bC
Targets
-
-
Target
3bc8ce79ee7043c9ad70698e3fc2013806244dc5112c8c8d465e96757b57b1e1.exe
-
Score
10/10
-
RagnarLocker
Ransomware first seen at the end of 2019, which has been used in targeted attacks against multiple companies.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-