General
Target: tzw_1.exe
Size: 106KB
Sample: 230206-1ea1gsbb9v
MD5: 341c316be98f624f7321d198c5345bc9
SHA1: d034880d1233d579854e17b6ffad67a18fb33923
SHA256: 6d3312e3992dc1244be5518718bb42558057f7ec59a50009892846acf58481d9
SHA512: 52458d639d66cc8f09e80bd958e01041c8a24c6d2448f0deaaf643ec5fc6902e4db9491897bc6cd836a766f74e60d5c1a2bd9457dba7a7cae047f0c757e3efa3
SSDEEP: 3072:USXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1/:dHpVCf/mxeBuARO+7b8
Static task: static1
Behavioral task: behavioral1
  Sample: tzw_1.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: tzw_1.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted from \??\M:\Boot\cs-CZ\ReadMe.txt:
  http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YITDOYJT
  https://yip.su/2QstD5
Extracted from C:\odt\ReadMe.txt:
  http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YABDFGIK
  https://yip.su/2QstD5
Both notes carry the same .onion host and the same yip.su link; only the query string after the ? differs between the two dropped copies, so the host and the clearnet URL are the stable indicators, not the full URL.
Targets
Target: tzw_1.exe
Size: 106KB
MD5: 341c316be98f624f7321d198c5345bc9
SHA1: d034880d1233d579854e17b6ffad67a18fb33923
SHA256: 6d3312e3992dc1244be5518718bb42558057f7ec59a50009892846acf58481d9
SHA512: 52458d639d66cc8f09e80bd958e01041c8a24c6d2448f0deaaf643ec5fc6902e4db9491897bc6cd836a766f74e60d5c1a2bd9457dba7a7cae047f0c757e3efa3
SSDEEP: 3072:USXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1/:dHpVCf/mxeBuARO+7b8
Score: 10/10
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
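The behaviors listed above, and the ransom-note URLs in the Malware Config section, are the kind of thing a triage script can re-derive from a sandbox's raw file, registry and directory events. The block below is an added example written for this page; it is not the sandbox's own signature engine and not code from the sample. Its event schema, the user names and paths, the ".locked" extension, the note bodies around the report's two URLs, and the Active Setup registry key it treats as "Installed Components" are all assumptions made for the example; the only values taken from the report are the two ReadMe.txt paths and the URLs inside them.

```python
import re
from urllib.parse import urlsplit

# Constructed ransom-note bodies. Only the URLs come from the report's
# "Malware Config" section; the surrounding text is a placeholder.
NOTE_M = ("Your files are encrypted.\n"
          "http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YITDOYJT\n"
          "https://yip.su/2QstD5\n")
NOTE_C = NOTE_M.replace("?72YITDOYJT", "?72YABDFGIK")

STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
ACTIVE_SETUP = "\\active setup\\installed components\\"   # assumed meaning of the signature
USER_ROOTS = ("c:\\users\\",)

# Constructed sandbox-style event log: (event, path, extra).
# FileRename: extra is the new path. FileWrite: extra is the content.
# RegSetValue: extra is the value name. ".locked" is a placeholder extension.
EVENTS = [
    ("QueryDirectory", "\\??\\C:\\", ""),
    ("QueryDirectory", "\\??\\D:\\", ""),
    ("QueryDirectory", "\\??\\M:\\", ""),
    ("FileRename", "C:\\Users\\Admin\\Documents\\budget.xlsx", "C:\\Users\\Admin\\Documents\\budget.xlsx.locked"),
    ("FileRename", "C:\\Users\\Admin\\Pictures\\trip.jpg", "C:\\Users\\Admin\\Pictures\\trip.jpg.locked"),
    ("FileRename", "C:\\Users\\Admin\\Desktop\\notes.txt", "C:\\Users\\Admin\\Desktop\\notes.txt.locked"),
    ("FileRename", "C:\\Users\\Admin\\Desktop\\draft.docx", "C:\\Users\\Admin\\Desktop\\final.docx"),  # same extension: benign
    ("FileWrite", "C:\\odt\\ReadMe.txt", NOTE_C),
    ("FileWrite", "\\??\\M:\\Boot\\cs-CZ\\ReadMe.txt", NOTE_M),
    ("FileWrite", "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ReadMe.txt", NOTE_C),
    ("FileWrite", "C:\\Users\\Admin\\Desktop\\desktop.ini", "[.ShellClassInfo]"),
    ("RegSetValue", "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{00000000-0000-0000-0000-000000000000}", "StubPath"),
]

# Matches a bare drive root such as "D:\" or the NT form "\??\M:\".
DRIVE_ROOT = re.compile(r"^(?:\\\?\?\\)?([A-Za-z]):\\?$")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def enumerated_drives(events, default="C"):
    """Drive letters other than the default whose root directory was read."""
    drives = set()
    for ev, path, _ in events:
        m = DRIVE_ROOT.match(path)
        if ev == "QueryDirectory" and m and m.group(1).upper() != default:
            drives.add(m.group(1).upper())
    return sorted(drives)


def _ext(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_changes(events):
    """Renames of files under a user profile whose extension changed."""
    return [(old, new) for ev, old, new in events
            if ev == "FileRename" and old.lower().startswith(USER_ROOTS) and _ext(old) != _ext(new)]


def startup_drops(events):
    return [p for ev, p, _ in events if ev == "FileWrite" and STARTUP_DIR in p.lower()]


def desktop_ini_drops(events):
    return [p for ev, p, _ in events if ev == "FileWrite" and p.lower().endswith("\\desktop.ini")]


def installed_components_writes(events):
    return [p for ev, p, _ in events if ev == "RegSetValue" and ACTIVE_SETUP in p.lower()]


def note_iocs(events, note_name="readme.txt"):
    """Per dropped note: .onion hosts, other URLs, and the per-note query token."""
    out = {}
    for ev, path, content in events:
        if ev != "FileWrite" or not path.lower().endswith("\\" + note_name):
            continue
        rec = {"onion": set(), "urls": set(), "ids": set()}
        for url in URL_RE.findall(content):
            parts = urlsplit(url)
            if parts.hostname and parts.hostname.endswith(".onion"):
                rec["onion"].add(parts.hostname)
                if parts.query:
                    rec["ids"].add(parts.query)
            else:
                rec["urls"].add(url)
        out[path] = rec
    return out


def signatures(events, min_renames=3):
    """Names of the report's behavioral signatures that the event log supports."""
    fired = []
    if installed_components_writes(events):
        fired.append("Modifies Installed Components in the registry")
    if len(extension_changes(events)) >= min_renames:
        fired.append("Modifies extensions of user files")
    if startup_drops(events):
        fired.append("Drops startup file")
    if desktop_ini_drops(events):
        fired.append("Drops desktop.ini file(s)")
    if enumerated_drives(events):
        fired.append("Enumerates connected drives")
    return fired


if __name__ == "__main__":
    print(signatures(EVENTS))
    for path, rec in note_iocs(EVENTS).items():
        print(path, rec)
```

The rename threshold and the "user profile" root are the two knobs worth tuning: a single extension change is routine, so the signature should require a burst of them, and limiting the check to user directories keeps installer activity under Program Files from tripping it. Splitting the note URL into host, clearnet link and query token is what lets the two differently-keyed notes from the report collapse into one set of stable indicators.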