General
Target: 804cc598b3b5f0c4e11a184a2f5da4b668ad1557eee972894e99aef781fff7a1
Size: 1.0MB
Sample: 221124-wqgvysba42
MD5: 3bec3b0adf1e8e1e1ccc8dc6751c16b0
SHA1: 92adb33367fd4192ce80cc0a734416b29742d050
SHA256: 804cc598b3b5f0c4e11a184a2f5da4b668ad1557eee972894e99aef781fff7a1
SHA512: d17cf5d2fcc7b7a7ee3a1aaa9f287caa4703690f4e7089db3022524a3aa7cf589d4f63a62a89f4f8ae1e2cce3a5f043bd82df8c960d545a719abb71097bd3fef
SSDEEP: 12288:uAAligk8G2carFVcVKcovYGm4+UDQcZiRU0W7AGpnYgzQsAFv0XVE7gPsZpGnnvO:ulKvwrkKc2/IUB7A8AFv0X27HZkv8
Static task: static1
Behavioral task: behavioral1
  Sample: 804cc598b3b5f0c4e11a184a2f5da4b668ad1557eee972894e99aef781fff7a1.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 804cc598b3b5f0c4e11a184a2f5da4b668ad1557eee972894e99aef781fff7a1.exe
  Resource: win10v2004-20221111-en
Malware Config (extracted)
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\HELP.TXT
http://lorenzedzgezlufsyu26s5onxjjakikbpbwo7km6upptlxp5m3ytftad.onion
http://lorenzedzgezlufsyu26s5onxjjakikbpbwo7km6upptlxp5m3ytftad.onion.ly
http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion
https://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion.ly
Targets
Target: 804cc598b3b5f0c4e11a184a2f5da4b668ad1557eee972894e99aef781fff7a1
Score: 10/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.