General
Target: Crypter.exe
Size: 129KB
Sample: 230328-hpt71ahe24
MD5: 9c62af504ce79cc4c0bbcc2612f3c4db
SHA1: 37c01dc0342c161569e9d434246dc42962c00860
SHA256: 43c9c228baf00bc4614fdeb578eb84ad2232cef6c2820046b0b9fec502be573f
SHA512: 3572b9dde32844ba873de6c994dcf42e71bc217806390d6cf9d767d4c837266592087837aa70991604e3bd283a27a6e11d1d48177996213e8575326f86f839f3
SSDEEP: 3072:qLbLpVIYbQf91G3im/2Ef07JysgNv8Ofr4pt6Y46ab6koEMQBfjS3f2vYeBgrOi4:qTpVXvxyq6ko0BSveYprzOu3ScuT06
Static task: static1
Behavioral task: behavioral1
Sample: Crypter.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Crypter.exe
Resource: win10v2004-20230221-en
Malware Config
Targets
Target: Crypter.exe
Score: 9/10
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.