General
-
Target
a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b
-
Size
622KB
-
Sample
221126-x8lsascf6t
-
MD5
0ff10287b4c50e0d11ab998a28529415
-
SHA1
d44462becb1770b6477e1f15d12f78d17f7f11b8
-
SHA256
a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b
-
SHA512
7c18741724e22545a5a49d80bac593c4f9ccb82880e8814543f9ecc98a0329a7551cbef19b77f19eb51d87ea96aacaa43232d58282329408b2181032dcedf8cb
-
SSDEEP
12288:w7iCIiNAQBrsU055lu329bWPVu7ziF7aqlqFXM5I56BsJLT5kjQ67ThpkU:YpnAbl55luQbWgCFh0FqI5HLT5kjQ6vc
Behavioral task
behavioral1
Sample
a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b
-
Size
622KB
-
MD5
0ff10287b4c50e0d11ab998a28529415
-
SHA1
d44462becb1770b6477e1f15d12f78d17f7f11b8
-
SHA256
a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b
-
SHA512
7c18741724e22545a5a49d80bac593c4f9ccb82880e8814543f9ecc98a0329a7551cbef19b77f19eb51d87ea96aacaa43232d58282329408b2181032dcedf8cb
-
SSDEEP
12288:w7iCIiNAQBrsU055lu329bWPVu7ziF7aqlqFXM5I56BsJLT5kjQ67ThpkU:YpnAbl55luQbWgCFh0FqI5HLT5kjQ6vc
Score8/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-