General
Target: bbd4c2d2c72648c8f871b36261be23fd.bin
Size: 187KB
Sample: 230308-b5h2cach41
MD5: 21d7f443f8813d07af1c640f0288f550
SHA1: bb0aafecb6be4a47284ea0f6f926513679ac788c
SHA256: c87e82686b2d1e7f635fb7cd8a4cb5c334371673b73d323eba37ba24acb99b88
SHA512: 57a922df110de5d1596b754074e9564dad49bf068d984252688c0c348d7c8054cf08be7f2a0a6feaf5bdb985cdd0f7e06945189fe9bdef2f2f613ede8dd8ae69
SSDEEP: 3072:h73er7pe16hmCXMjZbbQNkxpiD4n2rENJ91M0c9/3vUMEbC9hoGcjIJeQW:t3efpS6hNcjZb8Nlk2oNj3cyshoGc8RW
Static task: static1
Behavioral task: behavioral1
  Sample: 9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021.exe
Size: 338KB
MD5: bbd4c2d2c72648c8f871b36261be23fd
SHA1: 77c525e6b8a5760823ad6036e60b3fa244db8e42
SHA256: 9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021
SHA512: 38f2ff3b7ff6faa63ef0a3200e0dbb9e48e1d404a065f6919cb6d245699479896a42316f299c33c8cc068922934c64f8aa06c88b000d1676870c1d0c0f18e14a
SSDEEP: 6144:zUrigyvF8Q9fLglQ8t0qabFDfOdQ/LDA8H+wwaMZUUAOq+mwNf8fsS+:zUrigY8QBLg9t0qabFDGdQ/TlYiUQ+Vz

Enumerates VirtualBox registry keys

Looks for VirtualBox Guest Additions in registry

Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.

Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Deletes itself

Drops startup file

Sets desktop wallpaper using registry