General

  • Target

    Ransomware.zip

  • Size

    42.1MB

  • MD5

    1b1712d0f4cf97cdb10f7817fbe37628

  • SHA1

    c6245e74e10ef228ccbd9bdb97ae26f8bb24b2be

  • SHA256

    b7eb20bcbe42e9f14f813a19e07aea6482c7df7faf90054f27cda4dcfc28723c

  • SHA512

    8a75634e543f18197eb89b4062bd9089c385326caf70275a1c82af779822f6311e5281ee1688b34d0ca02ae3cdca68ec6113b8c8fe1561ace9081d3a425310da

  • SSDEEP

    786432:jSLN4jiwEj7mKm+hsZ7DYfzMRzZH27sgTQB8x4aSbJCUEKAhiDB9+DZwX1TpIb8Y:GLuY6KyHiz6ZH27xTQB8yAUEAHWZATpY

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Unsigned PE 16 IoCs

    Checks for missing Authenticode signature.

Files

  • Ransomware.zip
    .zip
  • Ransomware/Annabelle Ransomware.zip
    .zip
  • 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
    .exe windows:4 windows x64 arch:x64



  • Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
    .exe windows:4 windows x64 arch:x64



  • Ransomware/BadRabbit Ransomware.zip
    .zip
  • BadRabbit.exe
    .exe windows:5 windows x86 arch:x86

    e3bda9df66f1f9b2b9b7b068518f2af1



  • Ransomware/BadRabbit Ransomware/BadRabbit.exe
    .exe windows:5 windows x86 arch:x86

    e3bda9df66f1f9b2b9b7b068518f2af1



  • Ransomware/Monster Ransomware (second new version).zip
    .zip
  • tunamor.exe
    .exe windows:4 windows x86 arch:x86



  • Ransomware/Monster Ransomware (second new version)/tunamor.exe
    .exe windows:4 windows x86 arch:x86



  • Ransomware/Monster Ransomware.zip
    .zip
  • XMoon.exe
    .exe windows:5 windows x86 arch:x86



  • out.upx
    .exe windows:5 windows x86 arch:x86



  • Ransomware/Monster Ransomware/XMoon.exe
    .exe windows:5 windows x86 arch:x86



  • out.upx
    .exe windows:5 windows x86 arch:x86



  • Ransomware/Trojan.Ransom.GoldenEye.zip
    .zip
  • GoldenEye.exe
    .exe windows:5 windows x86 arch:x86

    eadbe699c9f56194b9bbdf2dd7631233



  • GoldenEye.js
    .js
  • Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
    .exe windows:5 windows x86 arch:x86

    eadbe699c9f56194b9bbdf2dd7631233



  • Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
    .js
  • Ransomware/Trojan.Ransom.NotPetya.zip
    .zip
  • NotPetya.exe
    .exe windows:5 windows x86 arch:x86

    ab8fd60b3da01515e6706e8d122c633f



  • Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe
    .exe windows:5 windows x86 arch:x86

    ab8fd60b3da01515e6706e8d122c633f



  • Ransomware/Trojan.Ransom.PetrWrap.zip
    .zip
  • Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap
    .exe windows:5 windows x86 arch:x86

    90cfb770dd8b0646a46fc541c93185a2



  • Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Patched)
    .exe windows:5 windows x86 arch:x86

    90cfb770dd8b0646a46fc541c93185a2



  • Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Wiper)
    .exe windows:5 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237



  • Ransomware/WannaCrypt0r.zip
    .zip
  • Ransomware/WannaCrypt0r/WannaCrypt0r.exe
    .exe windows:4 windows x86 arch:x86

    68f013d7437aa653a8a98a05807afeb1

