General
Target: 36035b1a4995acb201c2b2160000d4477a31a2222c3f6bdc25a32d53d930bcfd.exe
Size: 454KB
Sample: 230911-qckf2agc96
MD5: 2c72015e22b53c215403979536bce826
SHA1: 39eb8e3c2cef23d1c7a3f5c3133f40ecc98c1cf1
SHA256: 36035b1a4995acb201c2b2160000d4477a31a2222c3f6bdc25a32d53d930bcfd
SHA512: 0d2e590b0c32de661ab94c0f7a0eccbbc2bac637120b0148e04b05a826ca5858e6d147e0011bd5094f260e5ff0d3dafbf9bc2c4df099adc3ac5c98d50b6df4b1
SSDEEP: 6144:ARkz9/pOuAXNjskDoLHq/97BJBNcplFbs4NhulBngyAyLo59QeW:AK5ppmNjluHqVVxcFbsK8fnrS9Q
Static task: static1
Behavioral task: behavioral1
  Sample: 36035b1a4995acb201c2b2160000d4477a31a2222c3f6bdc25a32d53d930bcfd.exe
  Resource: win10-20230831-en
Behavioral task: behavioral2
  Sample: 36035b1a4995acb201c2b2160000d4477a31a2222c3f6bdc25a32d53d930bcfd.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted
C:\Users\Public\Videos\read-me.txt
globeimposter
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
http://helpqvrg3cc5mvb3.onion/
Targets
Score: 10/10
- Renames multiple (4434) files with added filename extension
  This suggests ransomware activity, encrypting all files on the system.
- Renames multiple (8646) files with added filename extension
  This suggests ransomware activity, encrypting all files on the system.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext