General
Target: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f.zip
Size: 3.3MB
Sample: 221027-m1cvbabhc2
MD5: 1be5c06e51392d4039230172194537af
SHA1: 7aca4262621e563e207e8cb2a6bbfd8ab48b0b12
SHA256: 86d252ae6702d04a88430dc9d6d3c05693f662640d730f486750bc62d9544917
SHA512: 6536a4a8d44913247d99971d62f3e095fa3420f9a6c87244e3f5e080347be8c83548a4e913506f48422680811d39ede755f91256445f8666e620fd6b2981632d
SSDEEP: 98304:oiw2VKbZuk6wqsMFTGBzM17x2SGWDA1B/ZIR4XBLh:ocIZU/OzM17vGyAb/ZD7

Static task: static1
Behavioral task: behavioral1
Sample: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f.exe
Resource: win10-20220901-en

Malware Config
Extracted
\??\c:\Users\pay_the_piper.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA78BD67965B1577
http://decryptor.cc/CA78BD67965B1577
Extracted
\??\c:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\pay_the_piper.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA78BD67965B1577
http://decryptor.cc/CA78BD67965B1577

Targets
Target: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f.exe
Size: 6.3MB
MD5: 6eb69acd2ac82be838c8b3d8910b0d70
SHA1: 6316421e06a6000f9736696f3b0d1f08ac1134c7
SHA256: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f
SHA512: 2b5402b5270bdc6949c2eebdc1ef4855f77a8e06cb894a7315ce24bdd45ab10d1b279282d50aef17ca7641b0279e08b1320295e1dfadf0f1a8607c901a1cce5d
SSDEEP: 98304:O0ocX1uVfOpOdS6Ua6Jt95JO+APX1pG/OGqjB5bOf:X/X1uVfOpOdSVa6Jfx
Score: 10/10

Clears Windows event logs
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Sets file execution options in registry
Drops startup file
Drops desktop.ini file(s)
Drops file in System32 directory