General
-
Target
4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167
-
Size
898KB
-
Sample
230215-nhyvhabc7x
-
MD5
61b32a82577a7ea823ff7303ab6b4283
-
SHA1
9107c719795fa5768498abb4fed11d907e44d55e
-
SHA256
4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167
-
SHA512
86ac9d3d0804f5dd3ebe08ab59058363bceeaa3f42d2d482f97ce688837b3b81693fde2b973250b93ee3223318b0f8e4f2faf6b0f91017807feacabce979d700
-
SSDEEP
12288:20lnPLRBrenjExzDKNg6dNoQl+vtMyOo/mSVTWa5QLeuXwuxbvRr/LpiRPMBp:201PLX0GferoQOMyySVa/VFbvhtiRPo
Static task
static1
Behavioral task
behavioral1
Sample
4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
C:\DECRYPT-FILES.txt
maze
http://aoacugmutagkwctu.onion/6cc30cc3a534c1ad
https://mazedecrypt.top/6cc30cc3a534c1ad
Extracted
C:\DECRYPT-FILES.txt
maze
http://aoacugmutagkwctu.onion/6bed0cae75af675b
https://mazedecrypt.top/6bed0cae75af675b
Targets
-
-
Target
4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Sets desktop wallpaper using registry
-