Extracted

• • Target

    9cd4cebf8b04cd6864b59e4c0cf4aafa

  • Size

    654KB

  • MD5

    9cd4cebf8b04cd6864b59e4c0cf4aafa

  • SHA1

    2287faa3026c5981f3796268112998ac1c06c5d3

  • SHA256

    748b8dc9ddd13cfdf844a6ba40a59dc5a464d0240133394adffc5496cd1021e7

  • SHA512

    03ec7b69a8f616ab4254429499d80e5b5e7e28c1b44b418b446f6a341bdc77393482cd790764981498c6d54d2ffd0d32c118c45dee056d681533167f7b83359d

  • SSDEEP

    12288:MkzXMinmtrfsNG9USY7x3lgSsIXlYlOHls2E/qZaTcMUJnGHqsvXX1tfLs:LjArfCG+nN3aNIXNFZ5R1GHqsvDI

  Score

  10^/10

  ctblockerransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2