General
-
Target
16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20.exe
-
Size
48KB
-
Sample
221004-lw7nfsaeb5
-
MD5
4f6173eb23deaff1670b1b2f0f6882fe
-
SHA1
8b0aa4a785803ebcd71fa71dfe5b3671c1ab6c13
-
SHA256
16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20
-
SHA512
192bf3985320e342d6808b5581f2dbcdfaafe57ebd6c08e067b1609568790432f03f7af123e3f7ddeafe94ad2ede11ab295fbc28c9111caf50f66af597e66735
-
SSDEEP
768:AUAXzPLCUW6R/bUHUWSLa/SET7Q74guCNP:YC16lYHMa7TU3xP
Static task
static1
Behavioral task
behavioral1
Sample
16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-