General
-
Target
3b43751ed88e4d1f82cf52ca2d4477e3e35c35f08c1b4e3ab21c80720601e804.exe
-
Size
54KB
-
Sample
220925-tgeywsgecp
-
MD5
439ef1ddf569a7d6a8280a229357fcfc
-
SHA1
c1a5dfd851337cd12770244c97e83b7066dea781
-
SHA256
3b43751ed88e4d1f82cf52ca2d4477e3e35c35f08c1b4e3ab21c80720601e804
-
SHA512
fe4c2a55135f065af8733a1eeb9904353b7279f44ecb8732c58067d4b15f03c5c15d10857994943e785c35a688ca2ee9f333abf3a6dca80542d651be6b77e75e
-
SSDEEP
768:gDq17yBfcKW/engJIYVQIz2yNVn/+Q7tXZ70OSWas5Y:MqM6/OgS4Qs3F7tJ7nSW55
Static task
static1
Behavioral task
behavioral1
Sample
3b43751ed88e4d1f82cf52ca2d4477e3e35c35f08c1b4e3ab21c80720601e804.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3b43751ed88e4d1f82cf52ca2d4477e3e35c35f08c1b4e3ab21c80720601e804.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Public\Documents\!$R4GN4R_EB839F13$!.txt
ragnarlocker
Targets
-
-
Target
3b43751ed88e4d1f82cf52ca2d4477e3e35c35f08c1b4e3ab21c80720601e804.exe
Score
10/10
-
RagnarLocker
Ransomware first seen at the end of 2019, which has been used in targeted attacks against multiple companies.
-
Modifies boot configuration data using bcdedit
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-