General
-
Target
a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b
-
Size
48KB
-
Sample
221005-vz2q2sfcbr
-
MD5
2d00a47dc5e334f9e81f05330c83a119
-
SHA1
64a464bd6d0aedb623c9ffc278866b36828db40f
-
SHA256
a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b
-
SHA512
2ae6d14f9b8d84aeff03e2202988238c6d3dde42b509352519b1aa7c543f66b2a3779f52ec491ae4e6ab585a023df0d663e148b5396e3501ec49d9c786908b19
-
SSDEEP
768:JUAX97+ePJejdj1LiRrdHNyGAvP5kRW/7bJvutNN:jpRidBLilVNUP5j/P9sN
Static task
static1
Behavioral task
behavioral1
Sample
a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt
rexplo8sdh1ba6ta18lacue8v9@gmail.com
Targets
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-