Extracted

Extracted

• • Target

    e26bd11c525dfca4152ed74b2fb97e5c30a091239c2dbe877a312a1cfcf34004

  • Size

    820KB

  • MD5

    53efb689f9f56262b571f68b11a21839

  • SHA1

    0d31c13c910cbb2dd2979a3762a9223aa12eceee

  • SHA256

    e26bd11c525dfca4152ed74b2fb97e5c30a091239c2dbe877a312a1cfcf34004

  • SHA512

    f7c2723cee0b9d8db1f910e852d4e66f2a10de0710a106676b4f1a07cd6e8e49987d1cac9b30007014f9f8e108d0baccdbca2b7ce4ff863a09570851b9cbf43b

  • SSDEEP

    24576:0tkyyQSspmUheMMyo+g7d9TEE4Zm36B5qbN8:0vSspFeMMDbd1F6BY

  Score

  10^/10

  ctblockerransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2