General
Target: f83fb9ce6a83da58b20685c1d7e1e546.zip
Size: 417KB
Sample: 230408-p2d5wafd2w
MD5: a024e1d53d75eaefc4aa74131ff16fd8
SHA1: cfd053a7e793ec84ec78679f224b417c760e0a5e
SHA256: 77b2731ff3c7a14b8b962ea387c41293415b3478e73973888851991105777560
SHA512: f1418a512f8603bf99b40e61e7fe61c7228f814544da3b00adf24ab93b246e522a3c6a6a74476df8419fa54fa3a78f62ebcaaa539daa0de0e111a0beeb129c42
SSDEEP: 12288:6Zr2Dvm+2LDF+jgcz5jCDiIuexi3FBUzvASSB7d:6ZCDvmRLDwjPrIuekUz4SS5
Static task: static1
Behavioral task: behavioral1
Sample: e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: C:\MSOCache\DECRYPT-FILES.html
Extracted: C:\odt\DECRYPT-FILES.html
Targets
Target: e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
Size: 473KB
MD5: f83fb9ce6a83da58b20685c1d7e1e546
SHA1: 01c459b549c1c2a68208d38d4ba5e36d29212a4f
SHA256: e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684
SHA512: 934ec9073a28b90e8df785bef49f224789da59f83729208b92dba0503e2894b3f48ed04b20de1ba49374b1cd26f0c87e8e5ab79e817258135e3be2c171f3f396
SSDEEP: 12288:v6l/7FpnaeoQbRLBYdunMCayql4YcQD+AgJbAWgjbgpQ:CDna43YAKl4Yci+AggEpQ
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Sets desktop wallpaper using registry