General
Target
https://github.com/kh4sh3i/Ransomware-Samples/archive/refs/heads/main.zip
Sample
231202-dqm3vshf74
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/kh4sh3i/Ransomware-Samples/archive/refs/heads/main.zip
Resource
win10-20231129-en
Malware Config
Extracted
C:\Users\Admin\Documents\_R_E_A_D___T_H_I_S___Z5RJ_.txt
cerber
Extracted
C:\Users\Admin\Documents\_R_E_A_D___T_H_I_S___PKCU84_.hta
cerber
Targets
Target
https://github.com/kh4sh3i/Ransomware-Samples/archive/refs/heads/main.zip
Score 10/10
Contacts a large (1105) amount of remote hosts
This may indicate a network scan to discover remotely running services.
Modifies Windows Firewall
Drops startup file
Drops file in System32 directory
Sets desktop wallpaper using registry