General
-
Target
set-up.bin
-
Size
146KB
-
Sample
240209-xaftdsdf4v
-
MD5
3d49478072bf18339ef810c8ea7546b2
-
SHA1
c1047d72d4cdce21af4bb989ad1bee437edb7f80
-
SHA256
e3300e30997c5a355f02ca6972711b2ca843d00a393b62c75818a43c27ff128d
-
SHA512
f47f6a1c51b92cc34a1dc264bc2b151690f1c314c5f97b08530e9efd6929c860985f9410f411cb31e0f3acd75b8969e4791ca9fb080901f6f4cb70322255a91c
-
SSDEEP
3072:A6glyuxE4GsUPnliByocWepU0DxwbL2LUnPaZw:A6gDBGpvEByocWeTDxOL2LScw
Behavioral task
behavioral1
Sample
set-up.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
C:\3R9qG8i3Z.README.txt
https://t.me/mr_robot_unlock
Targets
-
-
Target
set-up.bin
-
Size
146KB
-
MD5
3d49478072bf18339ef810c8ea7546b2
-
SHA1
c1047d72d4cdce21af4bb989ad1bee437edb7f80
-
SHA256
e3300e30997c5a355f02ca6972711b2ca843d00a393b62c75818a43c27ff128d
-
SHA512
f47f6a1c51b92cc34a1dc264bc2b151690f1c314c5f97b08530e9efd6929c860985f9410f411cb31e0f3acd75b8969e4791ca9fb080901f6f4cb70322255a91c
-
SSDEEP
3072:A6glyuxE4GsUPnliByocWepU0DxwbL2LUnPaZw:A6gDBGpvEByocWeTDxOL2LScw
Score10/10-
Renames multiple (559) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-