General
Target: 1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539
Size: 53KB
Sample: 230127-l1tx6aab57
MD5: 7791c18c9d4a94d80a7928644937c070
SHA1: 41fca79af1747a862864d2c9114648d6f5404bed
SHA256: 1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539
SHA512: 81043a21b0e0588b3594210b2339c656d994b72b2787da68a5f433992e054c2bec961e4403997ec846f38862c15a1ff6c5f9faece1b122e838baec759e14f012
SSDEEP: 768:XZvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5VmXOt:XZeytM3alnawrRIwxVSHMweio3xt
Static task: static1
Behavioral task: behavioral1
Sample: 1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Adds Run key to start application