General
-
Target
HEUR-Trojan-Ransom.MSIL.Agent.gen-ecf1633a5b162a9e59e76e8dd86afde28e32cc3be2e454188cd5e063e6be3650.exe
-
Size
8KB
-
Sample
220924-lm7xvsbaa3
-
MD5
8afc6df4f14d30c0eb7fe9af68ede7de
-
SHA1
c8a5d2aa3bc022b403035e909efa22df347dabe2
-
SHA256
ecf1633a5b162a9e59e76e8dd86afde28e32cc3be2e454188cd5e063e6be3650
-
SHA512
05679182c9a6c0358f8eb981cd4b76f08c56ecef0ca3a4a9c1c327c5d3f21be47046bc2c5dbe7fdce99b312a912b57246325e51bd31e85c3f9918b40ef1567d5
-
SSDEEP
96:KUZk1ypMIPOXeZVBoNypU0PeP8KRHPuYf7oP:Fu1y6IPUeZDoz86HLs
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-Ransom.MSIL.Agent.gen-ecf1633a5b162a9e59e76e8dd86afde28e32cc3be2e454188cd5e063e6be3650.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Ransom.MSIL.Agent.gen-ecf1633a5b162a9e59e76e8dd86afde28e32cc3be2e454188cd5e063e6be3650.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
C:\Users\Admin\Desktop\FILES ENCRYPTED.TXT
supportdata@cock.li
e-mails:xmmh@tutanota.com
Targets
Target
HEUR-Trojan-Ransom.MSIL.Agent.gen-ecf1633a5b162a9e59e76e8dd86afde28e32cc3be2e454188cd5e063e6be3650.exe
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.