General
-
Target
a3bac432e92a26exeexeexeex.exe
-
Size
146KB
-
Sample
230709-krjkdsce4z
-
MD5
a3bac432e92a26e6c1151d89630b7a04
-
SHA1
2aee43243b537012b68ca4bf215ddb7ffc6aabaf
-
SHA256
d219db7baf1ca936062295654f85fac8888f89d10853ed7a8d5efea3191bbcf2
-
SHA512
11caceb38abdc9577ab030589e084e329d4ae4e06d5386a1e576c9d0267486e9f9fd9589f946b938a71fcd3e3e158f110c8d857220c4bddc2d571a100fe31d8f
-
SSDEEP
1536:lzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD80KbZB4S3zMA+U7SJjeN0ZFC0b:mqJogYkcSNm9V7DBKBV+U70vvjAD8BT
Behavioral task
behavioral1
Sample
a3bac432e92a26exeexeexeex.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
a3bac432e92a26exeexeexeex.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
C:\8MNKRqUah.README.txt
https://t.me/data_decrypt
Extracted
C:\8MNKRqUah.README.txt
https://t.me/data_decrypt
Targets
-
-
Target
a3bac432e92a26exeexeexeex.exe
-
Size
146KB
-
MD5
a3bac432e92a26e6c1151d89630b7a04
-
SHA1
2aee43243b537012b68ca4bf215ddb7ffc6aabaf
-
SHA256
d219db7baf1ca936062295654f85fac8888f89d10853ed7a8d5efea3191bbcf2
-
SHA512
11caceb38abdc9577ab030589e084e329d4ae4e06d5386a1e576c9d0267486e9f9fd9589f946b938a71fcd3e3e158f110c8d857220c4bddc2d571a100fe31d8f
-
SSDEEP
1536:lzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD80KbZB4S3zMA+U7SJjeN0ZFC0b:mqJogYkcSNm9V7DBKBV+U70vvjAD8BT
Score10/10-
Renames multiple (368) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (634) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-