General
-
Target
220720-n29q4sfad4
-
Size
1.9MB
-
Sample
240320-l2a7faeg3y
-
MD5
9fa1ba3e7d6e32f240c790753cdaaf8e
-
SHA1
7bcea3fbfcb4c170c57c9050499e1fae40f5d731
-
SHA256
fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87
-
SHA512
8d2fb58cb8776ead15f445671431eae13a00b48921e545c7ecbf91829015d818d663d9369f181de669ebb771b113c2f675c3a156fac5ede019b5fad9cb8c65fe
-
SSDEEP
49152:zHOalx8WJjq64Hv7OHxTAhEu5undVmB9dn5AI7EyP3S:Z/8WJjiPSRRu5undVmDd5VEyvS
Behavioral task
behavioral1
Sample
220720-n29q4sfad4.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
220720-n29q4sfad4.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-gn9cj.txt
Targets
-
-
Target
220720-n29q4sfad4
-
Size
1.9MB
-
MD5
9fa1ba3e7d6e32f240c790753cdaaf8e
-
SHA1
7bcea3fbfcb4c170c57c9050499e1fae40f5d731
-
SHA256
fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87
-
SHA512
8d2fb58cb8776ead15f445671431eae13a00b48921e545c7ecbf91829015d818d663d9369f181de669ebb771b113c2f675c3a156fac5ede019b5fad9cb8c65fe
-
SSDEEP
49152:zHOalx8WJjq64Hv7OHxTAhEu5undVmB9dn5AI7EyP3S:Z/8WJjiPSRRu5undVmDd5VEyvS
Score10/10-
Hades Ransomware
Ransomware family attributed to Evil Corp APT first seen in late 2020.
-
Hades payload
-
Renames multiple (206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-