General
-
Target
ransom.exe
-
Size
2.6MB
-
MD5
193964c937493b979b1e9649a83ff000
-
SHA1
d85a46b51b7cf9fe24783508e0739ccee3cf5874
-
SHA256
d6c1d2e77ce21d5a026e7abf99c9fffe55d87b282f460dc737da231211a12a0d
-
SHA512
1bfaaade0c7615debfa45fd0f7442f217361c51f4db19e643b967479671bd9ba8713b5cd30f273d687b648eee1c53a7b3636839b10f510027a5519f499edbf67
-
SSDEEP
49152:yxu/Zqw0/3igJg2S/YubUhbFGpcSr9fXa4kQ67n1q1r8:yxQZT0K6g2S/YuPPKa
Malware Config
Signatures
-
Kuiper family
-
Kuiper is a multiplatform and architecture golang-based ransomware 1 IoCs
resource yara_rule sample kuiper -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ransom.exe
Files
-
ransom.exe.exe windows:6 windows x86 arch:x86
9cbefe68f395e67356e2a5d8d1b285c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 109KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ