General
-
Target
e_win.bin
-
Size
79KB
-
Sample
230310-xn7h9sgg6w
-
MD5
3c070554f9b588ac31e317be5d5f5120
-
SHA1
43ff7548df9f8597a4a0e8af82fb75ad622f6750
-
SHA256
10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f
-
SHA512
9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b
-
SSDEEP
1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Static task
static1
Behavioral task
behavioral1
Sample
e_win.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e_win.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
e_win.bin
-
Size
79KB
-
MD5
3c070554f9b588ac31e317be5d5f5120
-
SHA1
43ff7548df9f8597a4a0e8af82fb75ad622f6750
-
SHA256
10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f
-
SHA512
9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b
-
SSDEEP
1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-