General
-
Target
1d8c57cb4103be45549b6c48aa4ea55b3baac28a0033d681d7842efce4a28cf3
-
Size
890KB
-
Sample
221128-wmtekseb64
-
MD5
edeb5dea8ad10ae0102a5888991036b9
-
SHA1
8ba3ed9ab88b8fd8c77ede0f304deeec8cef843d
-
SHA256
1d8c57cb4103be45549b6c48aa4ea55b3baac28a0033d681d7842efce4a28cf3
-
SHA512
7bc2c3ffa882abf8b45cdd4df0677aee2495c453b3fcfc486a5321ff14b62cce35566efce579f5773164cdc55d39e9e97fa57833b337d1e7def888d13838cecd
-
SSDEEP
12288:3GjEJ5DY3YJW1QNCfFKVIm3vLZabIIsOihKlz3wp0dN2ZENtLfiIPDtOkYl9a:xn9HI8Ebdihs3K0HPN57PxOM
Malware Config
Extracted
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\!Decrypt-All-Files-hlvcmzk.txt
http://kph3onblkthy4z37.onion.cab
http://kph3onblkthy4z37.tor2web.org
http://kph3onblkthy4z37.onion/
Targets
-
-
Target
1d8c57cb4103be45549b6c48aa4ea55b3baac28a0033d681d7842efce4a28cf3
-
Size
890KB
-
MD5
edeb5dea8ad10ae0102a5888991036b9
-
SHA1
8ba3ed9ab88b8fd8c77ede0f304deeec8cef843d
-
SHA256
1d8c57cb4103be45549b6c48aa4ea55b3baac28a0033d681d7842efce4a28cf3
-
SHA512
7bc2c3ffa882abf8b45cdd4df0677aee2495c453b3fcfc486a5321ff14b62cce35566efce579f5773164cdc55d39e9e97fa57833b337d1e7def888d13838cecd
-
SSDEEP
12288:3GjEJ5DY3YJW1QNCfFKVIm3vLZabIIsOihKlz3wp0dN2ZENtLfiIPDtOkYl9a:xn9HI8Ebdihs3K0HPN57PxOM
Score10/10-
CTB-Locker
Ransomware family which uses Tor to hide its C2 communications.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-