General
-
Target
Ransomware.Win32.Crypt360.zip
-
Size
550KB
-
Sample
230331-v56l7add6x
-
MD5
acb6b05000e9d999f24fb96d1420fa5e
-
SHA1
c5c3c0019ef82987ac9e136957cc2d2e405f9272
-
SHA256
f4d054949f5c075827e9e9d1ad82231adc9f0af9e64637927e967ffddf1116cc
-
SHA512
1467122e938c5ab26e8379f047ec5decf8ba23b11c6c19f2570dea469ee9f03287423ea44636051a32bf7cb561ffdbd8c8ac5cc79b2a6d854aa08efdec7f946a
-
SSDEEP
12288:ZDepED/3KBa+KZviesWSAL2jJl3Ey5QWSOUeKIp8dV2zsb:ZDepU/6YBZleY2tl3sIpGV2zg
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Low\!_INFO.txt
Extracted
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\!_INFO.txt
Targets
-
-
Target
Test
-
Size
563KB
-
MD5
fb8898216510c6af50a7aa81e23c35cb
-
SHA1
41d42f120ba66bc69efb3a2e1af47e197242f3a2
-
SHA256
c3f3659442a27afa1a9e8cbc18479f9c88e209b0429b30b695085746f1edb39e
-
SHA512
bd91d17213daa08918998e1352893cf94e36e1c2d7e6008b59c71bbdcbd7b7b58c1c8accc7b561c0e9421c0fe133fa3af131bc2f9ccbc411c38a7c4680851402
-
SSDEEP
12288:jXLRoysOFO0XmyVNpCwSnDTWm2kqvqSfyqMFIoiBrRR0GPJT1QxC:jXLRhFC8m2v5GIoiVRRnuxC
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-