General

Target: pycryptopayload.exe
Size: 23.9MB
Sample: 230303-rrhreshg85
MD5: ec74dbce58746b38fd7b4c893e6a0055
SHA1: 52f9654a1c15d8bf22a45db456792fc9ee3f1195
SHA256: e3e691a9c78c57df9fd04725cc230502f0c1c9c60f8cdfad677c65458409a7f2
SHA512: 5ecb1ba09f838838dbfceed00a9324b8f85d0f4dc9e8c51e3a77ae55031417ad453c5462c3947990801583aab4e018d8ad56b8cee4a4651e131a6945d058dde6
SSDEEP: 393216:V+vUWv/HL2Vmo2WtYjUaNRDHvcrwhvr+bUn2KekLTH6mp/WViHW0Gzajaq3+d9Xn:V4UYyVmVfjrRj0r6+bUno0fcElOd9Xg2
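Before doing anything with a sample pulled from a feed, confirm it is the file the report describes. The script below is an added example, not part of the sandbox report: it streams a candidate file once through MD5, SHA-1, SHA-256 and SHA-512 and compares the results with the digests listed above. The file path is an assumption; ABC_HASHES are the standard test vectors for the input b"abc", included as constructed check data so the verifier can be run without the sample itself.

```python
"""Check a candidate file against the digests in the sandbox report.

Added example, not part of the report. The path passed to hash_file() is an
assumption; ABC_HASHES are the FIPS test vectors for b"abc", constructed
check data so the script can be exercised without the sample itself.
"""
from __future__ import annotations

import hashlib
import io
from typing import BinaryIO

# Digests copied from the report for pycryptopayload.exe.
REPORT_HASHES = {
    "md5": "ec74dbce58746b38fd7b4c893e6a0055",
    "sha1": "52f9654a1c15d8bf22a45db456792fc9ee3f1195",
    "sha256": "e3e691a9c78c57df9fd04725cc230502f0c1c9c60f8cdfad677c65458409a7f2",
    "sha512": "5ecb1ba09f838838dbfceed00a9324b8f85d0f4dc9e8c51e3a77ae55031417ad"
              "453c5462c3947990801583aab4e018d8ad56b8cee4a4651e131a6945d058dde6",
}

# Constructed reference values: standard test vectors for the input b"abc",
# unrelated to the sample, used only to exercise the code offline.
ABC_HASHES = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
}

ALGORITHMS = tuple(REPORT_HASHES)


def _digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Feed the stream once through every hasher; samples can be large (23.9MB here)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict[str, str]:
    """Digest an in-memory buffer (used for the constructed check data)."""
    return _digest_stream(io.BytesIO(data))


def hash_file(path: str) -> dict[str, str]:
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return _digest_stream(fh)


def verify(actual: dict[str, str], expected: dict[str, str]) -> tuple[bool, list[str]]:
    """Compare every algorithm present in `expected`; hex digests are compared
    case-insensitively. Returns (all_match, names_of_algorithms_that_differ)."""
    differing = [
        name for name, digest in expected.items()
        if actual.get(name, "").lower() != digest.lower()
    ]
    return (not differing, differing)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-candidate-file>  (the path is an assumption)
    ok, bad = verify(hash_file(sys.argv[1]), REPORT_HASHES)
    print("match" if ok else f"MISMATCH on {', '.join(bad)}")
```

A SHA-256 match alone is enough to establish identity; MD5 and SHA-1 are kept only because reports and older feeds still key on them, and since MD5 collisions are practical an MD5-only match should not be treated as proof that two files are the same. SSDEEP is not in hashlib, so the fuzzy hash above is not recomputed here; it needs the separate ssdeep package.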
Behavioral task behavioral1
Sample: pycryptopayload.exe
Resource: win7-20230220-en

Behavioral task behavioral2
Sample: pycryptopayload.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Path: C:\Users\Admin\Pictures\README.txt
Family: demonware
URL: https://keys.zeznzo.nl
Targets

Target: pycryptopayload.exe
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Loads dropped DLL
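The two signatures above are the sandbox's observations; what they look like as a detection is a burst of renames that append a new extension to files under a user profile, usually accompanied by a dropped note. The script below is an added example, not the sandbox's own signature logic. It runs that check over a constructed file-activity log in an assumed "timestamp op src [-> dst]" format. The ".locked" suffix is a placeholder (the report does not say what extension this sample appends), the 5-renames-in-10-seconds threshold is an assumption, and README.txt in the user profile is taken from the extracted config above.

```python
"""Detect the 'modifies extensions of user files' behaviour in a file-event log.

Added example, not part of the sandbox report. The event line format, the
".locked" suffix, the burst threshold and the sample events are constructed
assumptions; README.txt comes from the ransom-note path in the extracted config.
"""
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed log; not captured from the sandbox run.
SAMPLE_EVENTS = r"""
2023-03-03T10:00:00 CREATE C:\Users\Admin\AppData\Local\Temp\helper.dll
2023-03-03T10:00:01 RENAME C:\Users\Admin\Pictures\cat.jpg -> C:\Users\Admin\Pictures\cat.jpg.locked
2023-03-03T10:00:01 RENAME C:\Users\Admin\Pictures\dog.png -> C:\Users\Admin\Pictures\dog.png.locked
2023-03-03T10:00:02 RENAME C:\Users\Admin\Documents\budget.xlsx -> C:\Users\Admin\Documents\budget.xlsx.locked
2023-03-03T10:00:02 RENAME C:\Users\Admin\Documents\notes.docx -> C:\Users\Admin\Documents\notes.docx.locked
2023-03-03T10:00:03 RENAME C:\Users\Admin\Desktop\todo.txt -> C:\Users\Admin\Desktop\todo.txt.locked
2023-03-03T10:00:04 CREATE C:\Users\Admin\Pictures\README.txt
2023-03-03T10:05:00 RENAME C:\Windows\Temp\build.tmp -> C:\Windows\Temp\build.log
"""

# Note file name from the extracted config (C:\Users\Admin\Pictures\README.txt).
RANSOM_NOTE_NAMES = {"readme.txt"}
EVENT_RE = re.compile(r"^(\S+) (\w+) (.+?)(?: -> (.+))?$")


def parse_event(line: str):
    """Return (timestamp, op, src, dst_or_None) or None for lines that do not parse."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, op, src, dst = m.groups()
    return (datetime.fromisoformat(ts), op.upper(), src, dst)


def in_user_profile(path: str) -> bool:
    """True for anything below C:\\Users\\<name>\\ (the 'user files' the signature refers to)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) > 2 and parts[1] == "users"


def appended_extension(src: str, dst: str) -> str | None:
    """Suffix that dst adds to src in place (e.g. '.locked'); None if the rename
    moves the file, changes its base name, or does not add a dotted suffix."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or d.name == s.name or not d.name.startswith(s.name):
        return None
    suffix = d.name[len(s.name):]
    return suffix if suffix.startswith(".") else None


def analyze(log_text: str, burst_count: int = 5, window: timedelta = timedelta(seconds=10)) -> dict:
    """Count extension-appending renames under user profiles, look for a burst of
    them inside `window`, and record ransom-note drops. Thresholds are assumptions."""
    renames: list[tuple[datetime, str]] = []
    notes: list[str] = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        ts, op, src, dst = ev
        if op == "RENAME" and dst and in_user_profile(src):
            suffix = appended_extension(src, dst)
            if suffix:
                renames.append((ts, suffix))
        elif op == "CREATE" and in_user_profile(src) \
                and PureWindowsPath(src).name.lower() in RANSOM_NOTE_NAMES:
            notes.append(src)
    renames.sort()
    # Sliding window: any burst_count consecutive renames within `window` is a burst.
    burst = any(
        renames[i + burst_count - 1][0] - renames[i][0] <= window
        for i in range(len(renames) - burst_count + 1)
    )
    verdict = "ransomware-like" if burst and notes else ("suspicious" if burst or notes else "clean")
    return {
        "extension_changes": len(renames),
        "appended_extensions": Counter(s for _, s in renames),
        "burst": burst,
        "ransom_notes": notes,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

The rename under C:\Windows\Temp is deliberately ignored: a burst threshold on renames alone trips on installers and build tools, so the check is scoped to user-profile paths and weighted by the note drop. A real deployment would also exclude the sample's own working directory and tune burst_count and window per host role.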