General
-
Target
Trojan-Ransom.Win32.Blocker.dflb-dc2add0b011dc2b4ae2511caa812858bbe370cf22721e46c264542ce29d60c6e
-
Size
909KB
-
Sample
221106-vgqaaseddk
-
MD5
be95306ba1b3d87913f6f8dd5f86cbc3
-
SHA1
5901ba5c4199e5bb8b58dae9ae78566afbb44fa2
-
SHA256
dc2add0b011dc2b4ae2511caa812858bbe370cf22721e46c264542ce29d60c6e
-
SHA512
0a413cc1922d87474781cff268a3bb2170050148bb4eaa36411f28c2ca4e008b947ba4d60cc194511b59dc43a079eabd37fa01f5048ba2017c1a7959f34791e0
-
SSDEEP
24576:iUWqist6UzuAKg6s11X38rMrIzv6B50xq:iUUJUzJKz8F5eS0M
Static task
static1
Behavioral task
behavioral1
Sample
Trojan-Ransom.Win32.Blocker.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Trojan-Ransom.Win32.Blocker.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
Trojan-Ransom.Win32.Blocker.dflb-dc2add0b011dc2b4ae2511caa812858bbe370cf22721e46c264542ce29d60c6e
-
Modifies visibility of hidden/system files in Explorer
-
NetWire RAT payload
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-