General
-
Target
8470683659.zip
-
Size
101KB
-
Sample
221129-gq9teafc6w
-
MD5
8748ab4c524f1a6db3a102a87a09a12e
-
SHA1
546782fffe627c179fb47cfadef0399f294de26e
-
SHA256
345d50f95494d886ce9003ee365a0cfae2393a811384520b8ff709ccf29c29ca
-
SHA512
3de443ec81d59bf08ba82797498fbd470b73f1d1788d89b5b906607aaeab16bb22c61ee7e94bedc0d6febc0c145ef5c4266e216b1b2de98b4e7a94f526ea140c
-
SSDEEP
3072:oCqI79HLjJ4N8zlFW4xiEWbdNogpq7IwTlCjj:oTIZHLjJ4UNifyCjj
Static task
static1
Behavioral task
behavioral1
Sample
99cb1513a0b129c85d10b008919e821584a2c17e17473c44e187a4e74b0af3ad.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
99cb1513a0b129c85d10b008919e821584a2c17e17473c44e187a4e74b0af3ad.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
\??\Z:\WE CAN RECOVER YOUR DATA.MHT
dear_decript2022@mail2tor.com
dear_decript2022@jabbim.com
Extracted
C:\WE CAN RECOVER YOUR DATA.MHT
dear_decript2022@mail2tor.com
dear_decript2022@jabbim.com
Targets
-
-
Target
99cb1513a0b129c85d10b008919e821584a2c17e17473c44e187a4e74b0af3ad
-
Size
190KB
-
MD5
b611d618e63419ec9b8e257635991d14
-
SHA1
7f7185104dc5d3b814029ccc9772bbe60f64c0f4
-
SHA256
99cb1513a0b129c85d10b008919e821584a2c17e17473c44e187a4e74b0af3ad
-
SHA512
1dff9fa251374dbb419dbc785148025d5870609fced89a8aa58e5b290836944439a01e12da3f8d95a3939e4ead5111fccf52bfcca862dd954bd0caa13b396e29
-
SSDEEP
3072:v3blGV9hulKmhbfvjv69vF6nHynNPFW7Lifa81HhqGUQjN9l8P40N2L:v3bq9UlKgPuEyNFWSb1HV3h8P40IL
Score10/10-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-