General
-
Target
HEUR-Trojan-Ransom.MSIL.Gen.gen-6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f.exe
-
Size
171KB
-
Sample
220924-lm7xvsbaa6
-
MD5
d3d0035a769e6ef98b1433160b2c8333
-
SHA1
be1d0aed32308166721d4756e2216dc44c2d0baa
-
SHA256
6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f
-
SHA512
b86b1ab9ad2c4c851c8712d0e49321cd3f9671815592bd4228664d236093cbb904f091dc7ad60815a56da5f9face2ce11fbd84790afca4d480ae17fa76dcb229
-
SSDEEP
384:LFLGX7oV+D2DBn4f+yJZcccccJcccctJZcccccJccccFJZcccccJccccFJZcccc9:LFLuk1DN4f+NEL
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-Ransom.MSIL.Gen.gen-6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Ransom.MSIL.Gen.gen-6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
C:\Users\Admin\Desktop\README-MCBURGLAR.txt
http://XXXXXXXXXXXXXXXXXXXX.onion
https://XXXXXXXXXXXXXXXXXX.onion
Targets
-
-
Target
HEUR-Trojan-Ransom.MSIL.Gen.gen-6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f.exe
-
Size
171KB
-
MD5
d3d0035a769e6ef98b1433160b2c8333
-
SHA1
be1d0aed32308166721d4756e2216dc44c2d0baa
-
SHA256
6b6158f74dbd43b8c839d5ae65d33ae9a11c9e3cef5fa52d86105983a67cdc4f
-
SHA512
b86b1ab9ad2c4c851c8712d0e49321cd3f9671815592bd4228664d236093cbb904f091dc7ad60815a56da5f9face2ce11fbd84790afca4d480ae17fa76dcb229
-
SSDEEP
384:LFLGX7oV+D2DBn4f+yJZcccccJcccctJZcccccJccccFJZcccccJccccFJZcccc9:LFLuk1DN4f+NEL
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-