Overview

overview

8

Static

static

b0d998157a...f7.exe

windows7-x64

8

b0d998157a...f7.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.zip

  • Size

    1.1MB

  • Sample

    221124-rgam3ahf49

  • MD5

    1fa2b0b9d61c7cc6280453c97ce6c57b

  • SHA1

    97d38049d7b34253668a1478359ca7da7c7ae45d

  • SHA256

    d9ec38eb3969f4f066c8864631262547b90c1bb1653a2da964310b2ec0160c9c

  • SHA512

    59ef575eb0f6f2d46b3ff9c01dde441be1ab20bf727337c17866d85fa50f05dc898e5856dc9b5306d8aa677ac310f043ca5f720b56822805ebb9a87aeded74ae

  • SSDEEP

    24576:TPhPyF4NWu1KuuVfVL4zRB5tNVrtfrINd0OfaecswEd9pNXRzKvfuS08mHubpP60:TJPyF4Nr1XqtL+RBNRVry5cFs93pSfx5

Score
8/10
ransomware

Malware Config

Targets

    • Target

      b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.exe

    • Size

      1.7MB

    • MD5

      2010f94a111ab8d9e0a25d7aefd2704e

    • SHA1

      cc5fb0d3c2ac669a04ce073e2023200107a1846a

    • SHA256

      b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7

    • SHA512

      daec0ed4e7ed5467c9b59db2976227f142a56f1e3eadd138baf6281d63ea565849da08c1ffcad056fc49909a42d16b79bbcf546ef37977f3e386566ca3dbcc71

    • SSDEEP

      24576:GhGyCHW7fOpOQWzYSQ6iRUxgrGEMr3LvDUUk1+CtdEckOOZ2K7bGqvUCSVt:GhGVHWyOrVuUUMrbZk1yckOOZ2fyUtr

    Score
    8/10
    ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks