General
- Target: tzw_2.exe
- Size: 106KB
- Sample: 230206-1ef7habb9x
- MD5: f1ab4f5cbf5fc72c4033699edadc4622
- SHA1: 858f3f7f656397fcf43ac5ea13d6d4cbe7a5ca11
- SHA256: c333a0afa8f9c38ff61d3618d8d3c7749e88cbba269c3345706898224da679dd
- SHA512: e4df529da677f28ce5e44d6756f11d3ea35a4170b1a55e745e8a1e971c136c8d2723d485a4776873a085e9e7efdd5ea6d4360ef75a358984aab0160af7393202
- SSDEEP: 3072:2SXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1M:vHpVCf/mxeBuARij7b8
Static task: static1
Behavioral task: behavioral1
  Sample: tzw_2.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: tzw_2.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: \??\M:\Boot\cs-CZ\ReadMe.txt
  http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71DYTOJDYT
  https://yip.su/2QstD5
Extracted: \??\M:\Boot\bg-BG\ReadMe.txt
  http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71LNOQHTVW
  https://yip.su/2QstD5
Targets
- Target: tzw_2.exe
- Size: 106KB
- Score: 10/10
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.