General
- Target: 34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.zip
- Size: 44KB
- Sample: 230309-w9cqcabd2x
- MD5: b8b2b5361031ed8136002403ec3bc357
- SHA1: 0d527a2ac917613ff873ff738d2daf7d6acb9d5f
- SHA256: 190efd8437c972b5dc4c9d51ee099d3c9a59f90c12b5aeb742744ab8f733adf1
- SHA512: 7c5091b8e9056ec19d5beea5581b1eb9e29117f84106b179076f24028f08db5d595bd70828b05610a51c39318a2474725adbf845e96a016a9114990b8ab822e1
- SSDEEP: 768:ItMKLR6NZnfzODPu7QGMTzqcizoWQ7+DR8SZ6lRaqjdwVQu+LqgM:gMCR6vLODtJ3qcc2S2a0IQPqgM
Static task: static1
Behavioral task: behavioral1
- Sample: 34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: C:\info.hta
- Extracted: C:\users\public\desktop\info.hta
Targets
- Target: 34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe
- Size: 69KB
- MD5: 25a54e24e9126fba91ccb92143136e9f
- SHA1: 27e0e9a39d77a59374b79d31e150ad50a5c622c9
- SHA256: 34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc
- SHA512: 156c48c86ddb192b0a8749020890c8a5b6890002bcfedd656b2ae9ea47081a51f0509fbe6f736151de5cab348d6d8d6f871ebe283cdbe20f40cb243fba3ca9cd
- SSDEEP: 1536:BkGB8nHbKUvryElSpi8jCZGcqDKlKnr8dM4CWYi:BFBMHRvrAjCZmKcnr89CW
Score: 10/10
- Modifies boot configuration data using bcdedit
- Modifies Windows Firewall
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)