General
Target: 7db66ad64a23f53952dcd72eb1eaef6c063fb79c59db7f096930ea9285838f72
Size: 184KB
Sample: 221128-gtcyvabb78
MD5: 89f059a012a6911765ceaf4e3eefd2f8
SHA1: d0aae8d39b153584b3ea8f82b1ccf99ebef6a20c
SHA256: 7db66ad64a23f53952dcd72eb1eaef6c063fb79c59db7f096930ea9285838f72
SHA512: 01938da98ff0352db5e8db56ad60158dfd758bba1036cbf31d6e95003254ab8bc5e8abdde6f6850258738099e6468c6fe228e0c32dd73a75a41d3161af468996
SSDEEP: 3072:kyXt9mTrJfPB6y0TwqjoL0sMjHicmDJij4X0PQgyrkEp92QObfOCLn2O:p4FfZ6zTwhmjsO4XcQ1F9pObp2O
Static task: static1
Behavioral task: behavioral1
  Sample: 7db66ad64a23f53952dcd72eb1eaef6c063fb79c59db7f096930ea9285838f72.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 7db66ad64a23f53952dcd72eb1eaef6c063fb79c59db7f096930ea9285838f72.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 7db66ad64a23f53952dcd72eb1eaef6c063fb79c59db7f096930ea9285838f72
Score: 9/10
- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext