General
Target: 9272022_diav1.exe
Size: 227KB
Sample: 220926-wlymxabfa7
MD5: 2f62c5385dc49b91f5bd5e2a42f75fe6
SHA1: fdfdfacde0b898d13b01b1ab95d09d55196a13f5
SHA256: 28b3ecf298a47f0e3db76f087e056f30736dab5a0d0a367cb48651897fa617d7
SHA512: 45aa5c281ab9d0e5c01b8da10a96416b2d01f0d57662ccbc1394b8f0dea1baa9d349675bd58a069e6ad005bf7601452bba17edefdb8f309c9bcc909d2364b351
SSDEEP: 3072:v+HwIahsiDzTvGvJTkwEluO9GYSFR8HenNGmeu9+hvwG:GHZs/LeJTkz0YGYSz1n1id
Static task: static1
Behavioral task: behavioral1
  Sample: 9272022_diav1.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 9272022_diav1.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-4063495947-34355257-727531523-1000\WARNING.TXT
  https://www.zscaler.com/resources/security-terms-glossary/what-is-double-extortion-ransomware
  https://7ypnbv3snejqmgce4kbewwvym4cm5j6lkzf2hra2hyhtsvwjaxwipkyd.onion/
Targets
Target: 9272022_diav1.exe
Size: 227KB
Score: 10/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Drops desktop.ini file(s)