General
- Target: d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981
- Size: 460KB
- Sample: 221128-f4savade2t
- MD5: ad1fbf4bd151e7d15210a1825d5f09e4
- SHA1: 32f5e56271ad25af3c1ef94df6cf3db010508d8d
- SHA256: d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981
- SHA512: 9dca92e995069ab65a4455d861b86d53203ab166a001eaeaa5764fcc0dea4400326bb4efa491f46931868779d0459c635b332d97c5f7642d800d93901b4fe524
- SSDEEP: 6144:7sGoRJkv01CWcAQShgQeAqkQf9FUzt3VTVSEzVVp2oyGCCKNxOKsX9s5iXSyVG8/:pkUQVcA5f+fHqt3XSq1CbhsX9HhMnnu
Static task
- static1

Behavioral task
- behavioral1
  Sample: d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981
- Score: 10/10

Behaviors
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory