General
Target: Q7B3RC.bin.exe
Size: 229KB
Sample: 230311-vgtygsae75
MD5: 2979ed84c4ca3deb2924bd1f26bf88bd
SHA1: 8f01f9112904389e0b53a25506ef69f99cc0fa1b
SHA256: bcf49e8f493c9eff83d9bc891e91dc91777f02b4f176e44b20f9a2d651f20fc3
SHA512: bd0088d587357851da5e4a7bd9cb1034c404cd5db9a12b9b27efa68a8a28b250d4a2c7346eff0cd14955713cbc13698a6c646d0d573602ccc0f7bda3d0c2d37f
SSDEEP: 6144:oNxyvPouZtK58suC/004GKXkq4RUs3fyW:oNxyXNtK58su3Z0RPj
Behavioral task: behavioral1
Sample: Q7B3RC.bin.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Q7B3RC.bin.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
\Device\HarddiskVolume1\Boot\da-DK\!!!HOW_TO_DECRYPT!!!.txt
https://tox.chat/download.html
Targets
Target: Q7B3RC.bin.exe
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Modifies file permissions

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.