General
Target: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
Size: 75KB
Sample: 240201-zzw8saecc5
MD5: 98b04a1cfdf18674315ec137733553a7
SHA1: dd1cdb8782b5e08695b006393d1e8ab4e447556e
SHA256: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
SHA512: 3c5d9884a922b4b974c3dbd0e6f73292b7bfa761a1e50cfb1af07752261cf1a8ea2520a13f28f7040d788bff3837c62c7a6595f03b1c1be5f8d4ea9848f09cb5
SSDEEP: 1536:Bb6MM2qw/ZhutMC1u2srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2Lr:VM2qaZ2i2srQLOJgY8Zp8LHD4XWaNH7j
Static task: static1
Behavioral task: behavioral1
  Sample: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e.exe
  Resource: win10-20231215-en
Malware Config
Extracted
Path: C:\Users\Admin\Desktop\How To Restore Your Files.txt
URLs:
http://gtmx56k4hutn3ikv.onion/blog/ff6b763849c49971c7ef8508064a3d8681529c7f45e532ff9e3d9ec13165263b/
http://gtmx56k4hutn3ikv.onion/
http://babukq4e2p4wu4iq.onion/login.php?id=l6Kr29xLbfnq1f0jzES55LLmmrZPd8
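The URLs above are the indicators a responder would pull out of the dropped note. The following is an added example of that extraction, not the sandbox's own config extractor: it finds .onion URLs in note text, classifies each host as a v2 (16-character) or v3 (56-character) address, and records paths and any id= token separately, since that token is usually per victim. The NOTE text is constructed; only the URLs in it are taken from the report, the surrounding wording is invented.

```python
"""Pull .onion indicators out of a ransom-note body.

Added example; not the sandbox's extractor. NOTE is a constructed note that
reuses the URLs listed in the report; the wording around them is invented.
"""
import re
from urllib.parse import parse_qs, urlsplit

# v2 onion labels are 16 base32 chars, v3 labels are 56; the path is optional.
ONION_URL = re.compile(
    r"https?://[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion(?:/[^\s\"'<>]*)?",
    re.IGNORECASE,
)

# Constructed note body (wording invented, URLs from the report above).
NOTE = """Your files are encrypted.
To restore them, open the page below in the Tor browser:
http://gtmx56k4hutn3ikv.onion/blog/ff6b763849c49971c7ef8508064a3d8681529c7f45e532ff9e3d9ec13165263b/
Main page: http://gtmx56k4hutn3ikv.onion/
Chat: http://babukq4e2p4wu4iq.onion/login.php?id=l6Kr29xLbfnq1f0jzES55LLmmrZPd8
"""


def extract_onion_iocs(text):
    """Return {host: {"version": 2|3, "paths": [...], "ids": [...]}} for every
    .onion URL in text. 'ids' collects values of an id= query parameter, which
    is typically the per-victim token and is worth recording on its own."""
    found = {}
    for match in ONION_URL.finditer(text):
        parts = urlsplit(match.group(0))
        host = parts.hostname.lower()
        label = host[: -len(".onion")]
        entry = found.setdefault(
            host, {"version": 3 if len(label) == 56 else 2,
                   "paths": set(), "ids": set()})
        entry["paths"].add(parts.path or "/")
        entry["ids"].update(parse_qs(parts.query).get("id", []))
    return {host: {"version": e["version"],
                   "paths": sorted(e["paths"]),
                   "ids": sorted(e["ids"])}
            for host, e in sorted(found.items())}


if __name__ == "__main__":
    for host, info in extract_onion_iocs(NOTE).items():
        print(host, info)
```

Both hosts in this note are v2 addresses; the regex also accepts v3 so the same routine can be reused on newer notes without change.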
Targets
Target: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
Size: 75KB
MD5: 98b04a1cfdf18674315ec137733553a7
SHA1: dd1cdb8782b5e08695b006393d1e8ab4e447556e
SHA256: 391cfcd153881743556f76de7bbca5b19857f8b69a6f6f6dfde6fd9b06c17f5e
SHA512: 3c5d9884a922b4b974c3dbd0e6f73292b7bfa761a1e50cfb1af07752261cf1a8ea2520a13f28f7040d788bff3837c62c7a6595f03b1c1be5f8d4ea9848f09cb5
SSDEEP: 1536:Bb6MM2qw/ZhutMC1u2srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2Lr:VM2qaZ2i2srQLOJgY8Zp8LHD4XWaNH7j
Score: 10/10
Signatures
Renames multiple (195) files with added filename extension
  This is consistent with ransomware encrypting files and appending its own extension to each one.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive, which is how an encryptor finds additional volumes to process.
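The two signatures above describe behaviour, not how it is detected. The following is an added example of the detection logic, written here and not taken from the sandbox: it runs over sandbox-style file events and flags a process that appends one extension to many files, and a process that opens the root of non-C drives. The event shape (dicts with pid, op, path, new_path), the .locked extension, the pids and the min_files threshold are all assumptions made for illustration; the events are constructed, not taken from the report.

```python
"""Detection logic for the two behaviours flagged in the report.

Added example; this is not the sandbox's own signature code. The event
shape, the .locked extension and the min_files threshold are assumptions.
"""
from collections import Counter, defaultdict


def added_extension(old_path, new_path):
    """Return the extension appended to old_path if new_path is exactly
    old_path + '.' + ext (the rename pattern of file-encrypting ransomware),
    otherwise None. A rename that changes the name or moves the file does
    not count."""
    if not new_path.startswith(old_path + "."):
        return None
    ext = new_path[len(old_path) + 1:]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext


def detect_mass_rename(events, min_files=10):
    """Map pid -> (extension, count) for processes that appended the same
    extension to at least min_files files. The report counted 195 such
    renames; min_files=10 is an assumed threshold."""
    per_pid = defaultdict(Counter)
    for ev in events:
        if ev["op"] != "rename":
            continue
        ext = added_extension(ev["path"], ev["new_path"])
        if ext is not None:
            per_pid[ev["pid"]][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, count = exts.most_common(1)[0]
        if count >= min_files:
            hits[pid] = (ext, count)
    return hits


def is_non_c_drive_root(path):
    """True for a bare drive root such as 'D:\\' that is not the C: drive."""
    return (len(path) == 3 and path[1] == ":" and path[2] in "\\/"
            and path[0].upper() != "C")


def detect_drive_enumeration(events):
    """Map pid -> sorted drive letters (excluding C) whose root the process
    opened or queried. Touching several roots in a row is how an encryptor
    finds extra volumes to work through."""
    roots = defaultdict(set)
    for ev in events:
        if ev["op"] in ("open", "query") and is_non_c_drive_root(ev["path"]):
            roots[ev["pid"]].add(ev["path"][0].upper())
    return {pid: sorted(letters) for pid, letters in roots.items()}


def make_events():
    """Constructed sandbox-style events: pid 1234 behaves like the sample,
    pid 777 is a benign process doing an ordinary rename."""
    events = []
    for i in range(12):
        old = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append({"pid": 1234, "op": "rename",
                       "path": old, "new_path": old + ".locked"})
    for root in ("C:\\", "D:\\", "E:\\"):
        events.append({"pid": 1234, "op": "open", "path": root, "new_path": None})
    events.append({"pid": 777, "op": "rename",
                   "path": r"C:\Temp\report.tmp", "new_path": r"C:\Temp\report.docx"})
    events.append({"pid": 777, "op": "open",
                   "path": r"C:\Users\Admin\Desktop", "new_path": None})
    return events


if __name__ == "__main__":
    evs = make_events()
    print("mass rename:", detect_mass_rename(evs))        # {1234: ('locked', 12)}
    print("drive roots:", detect_drive_enumeration(evs))  # {1234: ['D', 'E']}
```

The rename check deliberately requires the new name to be the old name plus one dotted suffix; a benign tool that rewrites a temp file to its final name, as pid 777 does here, is not counted. Tune min_files to the volume of the host being monitored.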