General

Target: HEUR-Trojan.MSIL.Diztakun.gen-5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b.exe
Size: 216KB
Sample: 220929-pq7m2sagb7
MD5: d06622833d3ee1c907d90bccec01ec74
SHA1: dcdc748bb8a8cb4d16c2d88e40fbd634b2396d42
SHA256: 5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b
SHA512: 119822dcc655cf9a9bd708992811cdb46d216ca5e77fb1f461290e37545cb348ea0ccd232ee1fb1c42d4ad91ec16aa93bbdf75829807c61934d97a8f84feb735
SSDEEP: 3072:o7DtWs7prq6+ouCpk2mpcWJ0r+QNTBf8JMzmmsoltIrRuw+mqv9j1MWLQKq7:o7Jpldk1cWQRNTB0izmDAtS
Static task: static1

Behavioral task: behavioral1
Sample: HEUR-Trojan.MSIL.Diztakun.gen-5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: HEUR-Trojan.MSIL.Diztakun.gen-5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted from: C:\Users\Admin\Desktop\readme.txt
Contact e-mail: CobraLocker@mail2tor.com
Contact URL: http://mail2tor2zyjdctd.onion/
Targets

Target: HEUR-Trojan.MSIL.Diztakun.gen-5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b.exe
Size: 216KB
MD5: d06622833d3ee1c907d90bccec01ec74
SHA1: dcdc748bb8a8cb4d16c2d88e40fbd634b2396d42
SHA256: 5e85f99fa8cd28b0cf1d9c5dbfe47c82ff1ada5727c5bf5007a11e8e9890cb9b
SHA512: 119822dcc655cf9a9bd708992811cdb46d216ca5e77fb1f461290e37545cb348ea0ccd232ee1fb1c42d4ad91ec16aa93bbdf75829807c61934d97a8f84feb735
SSDEEP: 3072:o7DtWs7prq6+ouCpk2mpcWJ0r+QNTBf8JMzmmsoltIrRuw+mqv9j1MWLQKq7:o7Jpldk1cWQRNTB0izmDAtS
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Possible privilege escalation attempt
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Modifies file permissions
- Drops desktop.ini file(s)