Extracted

Extracted

• • Target

    cdaf240960ef6c5d9b81b9843bafaa56700e8fa848dca85cb401061d22f5ec27

  • Size

    802KB

  • MD5

    102c9d8d99c9f453053d1f49620df11f

  • SHA1

    47ab2f2f660832e3a38f6dee882431a5a2404729

  • SHA256

    cdaf240960ef6c5d9b81b9843bafaa56700e8fa848dca85cb401061d22f5ec27

  • SHA512

    adbe66cb6be6cbc082cda769caed32bd8bd8c514dfc229c54ea173385cfa4ff713b60327f550e27229732f2c1382e0038fe40c8ba16a5d0f5d44314a3a70a04e

  • SSDEEP

    12288:FgORozerFqm6tU2L6kwt0Z9YlU+iyKAqYpBuT+ZlI4O3dRvUC8yr3e9JKjv6JfPf:FZRFxVYJL7jYlU3vAqYphHcLmwCdSRkj

  Score

  10^/10

  ctblockerransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2