General
-
Target
encryptor.zip
-
Size
357KB
-
Sample
230330-twkgxseg8z
-
MD5
53586770fa7c3483b5b6b626ad7130e8
-
SHA1
36e3f72106c29c83a87ad69d58375038d0b6a326
-
SHA256
a673316d048b600b1b9a36f2cb44d1ebd1ad775858c0b231bacd71d0c23d6d59
-
SHA512
360c55a718135790942444193b2a1d20a8fc3047af0d80dbe5eaa5f0a6348d431d6c9ee3b131642f56a5e6ea4b7af65a02a29dac064a102710a49c4a4c690b0f
-
SSDEEP
6144:pdskVMeoO/U+mSfW/t2qOnqbHRiZj3ZiIU594k9E+mcWFq:XskVBU+Ru/t2MbHRGj3WE+PWA
Static task
static1
Behavioral task
behavioral1
Sample
encryptor.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
encryptor.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
encryptor.exe
-
Size
766KB
-
MD5
400fa5d02c1ac704cd290d959b725e67
-
SHA1
456e5cb1739cb5f29020d1a692289a5af07ce90d
-
SHA256
dc563953f845fb88c6375b3e9311ebed49ce4bcd613f7044989304c8de384dac
-
SHA512
0240c6608931d975aa45e2a2c76ea43d311fd4660c091510197e30e65ccb69002e47006d1656abc71425186b3c7823881ae56ea39500afaef0fc4b5094b384ad
-
SSDEEP
12288:aH3fcbXX/qkpwGarA0iKKjk/1RobRWGDmEd7nLTzGnabKJiM:aH3fcbXX9pwGarA0iKj/1RCWGDmIHQpX
Score
9/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-