General

  • Target

    ransom_builder.exe

  • Size

    4.3MB

  • Sample

    240222-srtdlaca78

  • MD5

    43a2c7ba0ecd3a1b8ff0b82a0e82296d

  • SHA1

    9b106aa440085d1cf76889a186a4c0ece9f86b06

  • SHA256

    bb623a98f1d61f13d2de4dee55b14f97956e8306aa66d945aab0b00538b95900

  • SHA512

    2d1d9c37fcfc1f38e71a6f7be68431ec5e7220dd8eb8df6fa612be62bed071fdf1f505c9702d69719e74c99ae02af4a48909f63862addca7c4e911c1792b8f59

  • SSDEEP

    98304:w8sjkaDkbFqE0DtuJFsEG/SxFEQGr7wgiMgaUP/XEXw5d1OFQ:yj3aqE0tubjTPgiFaUHEXgaF

Score
7/10
upx

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
