General
Target: New folder.rar
Size: 15.3MB
Sample: 240326-rse2xsfb8y
MD5: 6677e9a1e490857b5bdfb0744cd260fe
SHA1: 20a0692c3001f36c56f811d614dfbe6b2a0b5612
SHA256: 1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596
SHA512: 52c80873ff9d70a2ef1669ccfb1f2e1cfeb2a521102d0b38164c88f680924b84560245c3104b6c7e742bd952617db405720f6b08f541d6c4cdf1c33a25478ab6
SSDEEP: 393216:NUYQW+GfB8a8lENPHeGcC6yz9Jp0tu/5TKP0Arl:y9GfBntHeO9Jpn/Fe0AR

Behavioral tasks (sample, resource)
behavioral1: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89.dll (win7-20240319-en)
behavioral2: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe (win7-20240215-en)
behavioral3: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64.exe (win7-20231129-en)
behavioral4: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe (win7-20240221-en)
behavioral5: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll (win7-20240319-en)
behavioral6: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe (win7-20231129-en)
behavioral7: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe (win7-20240220-en)
behavioral8: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe (win7-20240221-en)
behavioral9: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe (win7-20240221-en)
behavioral10: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe (win7-20240221-en)
behavioral11: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a.exe (win7-20240221-en)
behavioral12: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe (win7-20240319-en)
behavioral13: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe (win7-20240221-en)
behavioral14: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe (win7-20240221-en)
behavioral15: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe (win7-20231129-en)
behavioral16: *.*/update.exe (win7-20240221-en)
behavioral17: *.*/˫ǩ.bat (win7-20240221-en)
behavioral18: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe (win7-20240221-en)
behavioral19: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe (win7-20240221-en)
behavioral20: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a.exe (win7-20240221-en)
behavioral21: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270.exe (win7-20240221-en)
behavioral22: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2.exe (win7-20240221-en)
behavioral23: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f.exe (win7-20240221-en)
behavioral24: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655.dll (win7-20240221-en)
behavioral25: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll (win7-20240221-en)
behavioral26: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe (win7-20240221-en)
behavioral27: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe (win7-20231129-en)
behavioral28: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe (win7-20240221-en)
behavioral29: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b.dll (win7-20240221-en)
behavioral30: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf.exe (win7-20240215-en)
behavioral31: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4.exe (win7-20231129-en)

Malware Config
Extracted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Extracted: C:\Users\Admin\Documents\READ_THIS_TO_DECRYPT.html
Extracted: C:\Users\Admin\Desktop\_READ_THI$_FILE_33QNII2_.txt
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Extracted: C:\Users\Public\Desktop\README_LOCKED.txt
Extracted: C:\Users\Public\Desktop\README_LOCKED.txt
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Extracted: C:\Program Files\Java\jdk1.7.0_80\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT (family: buran)
Extracted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta

Targets

Target: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89.exe
Size: 24KB
MD5: bdd728030128165279b3cadf246d495a
SHA1: 032479b1a1d4bb21fdd07736a8d4d9c5fa4a70c4
SHA256: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89
SHA512: 8ead3841b4c7d5f56f6456ead428c5e43c748cc05252a7c119b3110143ab1c29c97e5e1779e53f26142cba48c17b04de259bb639d1a23b9ed315b7cbf7be9330
SSDEEP: 192:+W0UBkFvRFGHPQWT3e9+qQ/1/zJvZvdW9+2Cp92xR42eMX8:+WiFvROPQWa9+qQ/1qMyeMX
Score: 1/10

Target: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe
Size: 799KB
MD5: f6a8d7a4291c55020101d046371a8bda
SHA1: 09b08e04ee85b26ba5297cf3156653909671da90
SHA256: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76
SHA512: 547ad8ac404e494cce474209ebfbe33a40b69feb59f564215622f479e98dd93699794f4950b05d21225af271c55987da24c68d7c4c172f1d99ba7050b7063888
SSDEEP: 24576:Fpfzmg0hsVxPJHnhxqj/jELyOpQR2dnCy:FpfCHKrPFnh4jEWOpQEdnCy
Score: 10/10
Signatures:
- Drops startup file

Target: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64.exe
Size: 108KB
MD5: 61d03ddc11ca4fc3e752abcb03bc53ed
SHA1: a872988919744d81154025b1d17cab2bc70b8e99
SHA256: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64
SHA512: 1d0ed13686785e03d8ab33d879e6d949179bea7d7051525ffc55bf28896d0f6456e17295a9941e07d07ffbc13f138df99fa0871dd6e070da292dd221f7ca216b
SSDEEP: 1536:OTu/iJ0cjtqTgpdJEHlwKg2cxhDfiJ8xmeoBJIKs3Z3P4lGLD:4u0jtwaPBKg2ihjiJ8MeoBJIFZ3UyD
Score: 1/10

Target: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
Size: 2.2MB
MD5: f5f2f6c370db4b38bdf8032ea3ef2a64
SHA1: b5e188540539bc2b1d128f408160fa91e724c84b
SHA256: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4
SHA512: f2216faac5d07fb2d6f3faf6cf1e18e94c0ada8aba35a8d2d8491efd1ada526d5358a592b6877a9783cc9b5e81dd54fec8b9969ffd650c0f8aff2e3243dbe18c
SSDEEP: 49152:UtAZanCoV4BdnctNbS/iXmYjlV8O7pzTs8OYFFxZbVybdXERd:9x6Mdn0p7pzTsQR
Signatures:
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory

Target: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.exe
Size: 28KB
MD5: 07ce060934a9106a3e135c33ebd64e9e
SHA1: e9d0fdb9d91ec314778f45065642066cbd4c575b
SHA256: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb
SHA512: c3c17c911464deb7be6daf3339738fb53e89a93f0b58eb5971d6ffbbd7aced4d88ff61ab2ac973f8c1f6dafdf9e4dc505d17607b0b8b9be822b98b0b8a320f8a
SSDEEP: 192:EmUk5kULV+jC9LDADPF9+qQ/1nwzJvZvdW9+2Cp92xR43beMs7ui4jrh:EmFDR+jCpAJ9+qQ/1nZMHeMsCj
Score: 6/10
Signatures:
- Adds Run key to start application

Target: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe
Size: 235KB
MD5: fc7b0066d7d250b619a3c6c3ee1b22f9
SHA1: f307dc2d7d41e5d2678144de98445fa3c14e7583
SHA256: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b
SHA512: 4178ac9a1e5e9f5817412de1ab210c1c95ebe1a47875f14844ff5e234191c2facaf8f7ae184c9fc33c334cdfa8615ccbdc8aaaac1d3aa6697d4ea49ef01aa1bd
SSDEEP: 3072:BS4er0KRFMyC4FtM/LMZaIfhhM35E8/OZZe6WXVDhjt6SeFUkgYF6UTcysS:BShA40/haM3hGEphsxUYF6Ecyx
Score: 10/10
Signatures:
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Renames multiple (314) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe
Size: 542KB
MD5: ce29783e7465bd57067f67afba0f996f
SHA1: c6d5bc37d17d43a1cdb17d39e46b8f3d61d46578
SHA256: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f
SHA512: b92a1bdb77f05c5a6cf0b883bb2b4205c6d3a97dce1e6f82a102d6e6fcba1a025d3953ed7f3ef9268f6383a7cd2f6af2de37fec736eb4d77aff40b12a901c0be
SSDEEP: 12288:5Pi8GS/emxzM+fElwVCqCJbDj9//k/rTcPcYYYgYYYYYYYgYYYYYYgYYYYYYYgYh:5PBNz3fyDj9//k//IcqHDC
Score: 1/10

Target: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe
Size: 108KB
MD5: 82bccb8988fd54529192665fa974f056
SHA1: 2b83f745d8424b7ad6e8012da3260dbf0663ce3c
SHA256: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807
SHA512: 95d9996d65f4bd0ac2ad7d6c2ab3089e1101c9d0a22b304e2380512428b21767bd6c53bbaa3b3c3afc778c98be1d32ceac5331d2c85db64e7f80a78777a4f8a9
SSDEEP: 1536:8tu/uJ0cjtqTgpdJEHlwKg2cxhDfiJ8Xm3oBJIKs3Z3P4lGLc:0uAjtwaPBKg2ihjiJ8W3oBJIFZ3Uyc
Score: 1/10

Target: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe
Size: 526KB
MD5: 00d374f3142e46c53e621504e020dd86
SHA1: 49c55f442702c3d96bf507f369676a54315851d0
SHA256: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4
SHA512: 169149b510a6c502f90b18d518f10c7f0f1c7e426d62b2e90b8adfa87d76a0d1d8b819305fdb75231ac80d5fcac1dcf7982ed9e493f22dcf12ae203a0960edb9
SSDEEP: 12288:oOfgiGHObrYmluIhccUnj9//k/rTcPcYYYgYYYYYYYgYYYYYYgYYYYYYYgYYYYYV:oOwGrv4j9//k//IcV4h
Score: 1/10

Target: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
Size: 1.3MB
MD5: d30cc3d50062b47585d8e9216f5974c4
SHA1: 86ab16232bdff82807eb09e9dae5ae7dec26685f
SHA256: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8
SHA512: 8fa7e529f58deb6c2b89c3bf3ceb04ca036e00ac694767b64625258fe39d3911d42ae9d5baf0d0089e06c936458fcacd0e6e56b8a7cba4a91084d66a5717bce6
SSDEEP: 24576:bk70TrcblhbE+twWvKItnEi9RlyjACUxar1BjjxhXQdT6lRDmkTyi:bkQTAMGwAFv9yjJZrYURDdH
Score: 9/10
Signatures:
- Renames multiple (18637) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory

Target: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a.exe
Size: 697KB
MD5: 91bb19ac797d238209b681a872b90dfb
SHA1: c817513d79e95e78969fd7db001197058a43dbb8
SHA256: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a
SHA512: 71eab624027b40a141800b9e4d242d52bb1613e2e7fef083bf742034639434c369dffe648b9d0728c09d91aec121cc8acf861fecd248f6529a396766cbd905de
SSDEEP: 12288:K1C9axRKZndwSrZvQH0dy05EQB4RpwxKxOl5/xVvuY6lMwWFQw1ybgRRBo/tPamR:QC9YRgdwSBk0dy05jBmuS4DmYBSoP94a
Score: 7/10

Target: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
Size: 27KB
MD5: 4b95790314f5e5e7ab6027f3afed48ae
SHA1: 1bbbc30e0fdc7190d8948716ca8d373788c90ce4
SHA256: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296
SHA512: 380a9bfd525ad558964f444220cf5ac4a9d3add159abd5c0451ca2b1d8bf57d2acf6d0eb8a1ec4b1451b28db10574b2fb66bda0e2f8ed066d4d5aac0dd9c8a2c
SSDEEP: 768:ZtVdJkn3Iwk9qg47OxpySkH/U3ITmcemeZFFtbwN4ykQo:ZtBk3I7LhB3PcedFtMOykQo
Score: 1/10

Target: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe
Size: 556KB
MD5: 4a8228f5109bc509936eb5286d86322a
SHA1: 36f1b50c1df1249e816944d0288604336d2b7a1e
SHA256: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429
SHA512: 6013d5daaef69c99d61afb30aa273413eebe9b5b8fe0055d879ee236817d3cb4a9d3bdb82553c8cd3f6e725bd99a076389a94a8ec8d6b0da66fc17b0fb7a1164
SSDEEP: 6144:f5bnFDjbS20Bbdh1bBbp20Btedh16IqDAYQ+:fTDwicAYp
Score: 3/10

Target: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe
Size: 306KB
MD5: 1eac69691e05297182ea6642746d53f6
SHA1: 749f19b262849158df6d29f26043e1a845da102e
SHA256: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d
SHA512: 8ac6625fa10b3d2126a6498af2790a52bb626fef74b4abf05ce869f0e3b2d41fa78915b469529c67531937093e6385634985e792f4c04edac5f0b69a489d5c39
SSDEEP: 3072:J86Kas04uVswV5Him+xfleiJfz/4B7zspXGwtI57T+YG4tGSGbwySvB5KpzeLrqK:ChatLSeoQ7Rwu57C0bNyKgpGR
Score: 10/10
Signatures:
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Renames multiple (319) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory

Target: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Size: 3.1MB
MD5: 91e55c043a89444b7cdfb335d4e4a5ba
SHA1: d72203d462053c1636e20cf648669b040357d5db
SHA256: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161
SHA512: 3f3efbb9928a8ffa683d2c528bc442545fb330fbf981ff639a581effc91569743258cbad88e9a2c8b6e66448e56af023213fc408ab66a6b53565a4e030a37777
SSDEEP: 98304:DFkV34ua2ltBgzXU4Us1DgAtayHKlqo7/Whsg:Db0ltwzDtZHg7/Yx
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: *.*/update.exe
Size: 744KB
MD5: 288ad7c14b2e9cbfc8432d3d41d62164
SHA1: 2138ba33796ed343fb01c03f4abfdbed30bfe151
SHA256: 7e24716b753efa564cf6ace4abbe687a2ede68180140e4aaab8279b3328ababe
SHA512: 6f045adea1a9d4c1a0ec414a77c1611687a7ec4ed23ffc1fda426a396ca4244f5b212a1189dc6fb804268a5d29cec3226ccd6d3418e7e5a9923cb0733caac70c
SSDEEP: 12288:Yzki5f8eM8n7X0tYAY4+5684WFh5ecvSrW3yNdkeemwtuS9:OkE8eJnL02AYw84Wj5evNl0u
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: *.*/˫ǩ.bat
Size: 100B
MD5: b2c8d1f31c73f52c275393f231e3843e
SHA1: debbc8e818ab2acc8f12b08930315c894e7efde8
SHA256: 77badaf1d085e90578b76cd1fafb252e13d4074f643b7d43cbee38580d7dee24
SHA512: 0268085427d632fe4fec8e7702da5b7715a2ecc13f9ddda86f02f965c3745872e53325d12cb48ab7797bebce4b76203e3edc2631c6dacf3417a91a6c00841de6
Score: 1/10

Target: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe
Size: 108KB
MD5: eacdd9f959418d3f3e9be95de284d02a
SHA1: 354fe59d35aef1dd07c3c1ef771b93a413f91e6b
SHA256: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e
SHA512: 8e3770e6e0dd33e2ae54c9af0c5c01c5e0bd5d85e37ea5e4c9afadf297f9027e1b6b0b32d872ffa3b928478d7c0601b465fa5ea414dee10ddc51c8c83323d17a
SSDEEP: 3072:ouvZ0rga0R246JaNR0r3PhVuCx9JNI22N:ouRIcVX2hEXFN
Score: 1/10

Target: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe
Size: 36KB
MD5: 01856e8de8d99253aabe0c1ccf925b08
SHA1: 217d1d9c07dd817bb39a000943f27991cbe5aab9
SHA256: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b
SHA512: 03ff6abdb978d749467a24a63b21dd1e6e77cffcdd7bccf86516a66d7e053d13f76ab19179e9a331f85d32d9405f14ab8a19b756aff4c642a4ca0c7d4402d21d
SSDEEP: 768:0gi4r/1iRHq5pTV6xo/SIx+637kc/+ZKWb57zlARngZy:0vZQ/6xo/SIxL7T+Z5KgZy
Score: 1/10

Target: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a.exe
Size: 314KB
MD5: f93ecc98e4c4659023b81397578201e3
SHA1: 8c6ce5195b39239d219da8de3b4e757204f75f07
SHA256: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a
SHA512: 6835d190e85fa196e325d5b9e9833f88b22348b5e7dad7fe10aa2b065c66e61342cbf31fb8a4c1b5761a9f72b2f55d7eaeab9f8ee411ade6090327268a85a039
SSDEEP: 6144:N/ox45SkZNudlSP7VeJCaYAbjJF7UjWDvtlP8A2KoGFn6NHCcWITEYlxHt9Nqw:NgScC03SPxSlYMF7UjWDvzPh2eFnDcWg
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Contacts a large (1091) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Modifies Windows Firewall
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext

Target: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270.exe
Size: 616KB
MD5: 41b91df596878223773cdc49bbee2324
SHA1: 48d0647e2e29256d8969dbb7d8edb03297d01ada
SHA256: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270
SHA512: ff555049812608cb33cd7dcacf1102a920f531281aa60d36e8463f9c48023c856bf0243c25671ac709d8a5dfac5ab1a421606dd3f576472b4ec145b647fae30c
SSDEEP: 12288:bnE+Yfz3OlZUW+7xsvceR0KtjYx1xS0v:bEBr3qZlCxarj8xS0v
Score: 6/10
Signatures:
- Adds Run key to start application

Target: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2.exe
Size: 211KB
MD5: ef8ab6db9a96b461f429f9f15b573164
SHA1: ac600bb15b21910c0fb6618825358ed6c60c037f
SHA256: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2
SHA512: 14a3b15ceef007915a558b48740f98a7a6335d42cfcc6498b2fb3ee40ff2e15496d4fdec0351f48cee36947e1ec981190721a877b8406a10456709d21be07a3e
SSDEEP: 3072:b0WFcoAWykGuyF9ImZNI9UkwvYxzqea5KC7s7TJ:bfLXyL5F9XZNIsvYv
Score: 10/10
Signatures:
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Renames multiple (317) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory

Target: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f.exe
Size: 24KB
MD5: b6d25a5629221041e857266b9188ea3b
SHA1: 6df3a7a3ed5c6a6349a791b72783b32c460c8417
SHA256: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f
SHA512: bd40d5683d78d21a296677915c3417713134414059efd6865a23d8fe83465c813c696ca2d1b94e8e1ea03c7740c176e77f7b0c7c5b523eddedd43149cdc295a2
SSDEEP: 768:rAOGBmheJi070Y2DJ/Zpu6WYcFIl0XeF2lG+eJ6eygjaPbpUvdykQo:bo7KJOCOfGj6eaPbpUFykQo
Score: 1/10

Target: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655.exe
Size: 28KB
MD5: 180ad8f1024b334c7966180afa953266
SHA1: 7680011d67a7a7299ade6878255b1f7883a50cd9
SHA256: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655
SHA512: a661e2489775e08fc3a433e722fa014e85517ab87645ea9fa3d72c405b81d05a40dc3c02ed10579e8996e20bd4e22da936b02a846e2ea8c1d88621fbfcc7655e
SSDEEP: 192:7h89oTi6J4SaQPlRgspuml9+qQ/1/wzJvZvdW9+2Cp92xR4KyAzeMg/Qq7t/u/N:18EheSaQtRgWl9+qQ/1/ZMyeMm/O
Score: 6/10
Signatures:
- Adds Run key to start application

Target: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.exe
Size: 28KB
MD5: 7fc30b3540428adc624a060b9005d575
SHA1: 8a08667b8c0bceb82502e55848ca4e4f69326217
SHA256: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e
SHA512: 6fb43ccd2c6698dc027c48cf61d7b40b9faccbaa717c14eef207d4312ab9eb9497af6ae70191021bf3166d6bf703a248d509b327d4b05b126449e87a0cae7cc2
SSDEEP: 384:NZMO4CXWoRNt7oAbiKuWiO9fjQ/1/ZMzUFeM/Dd:NJ4CGoRNPGG8/96UUcDd
Score: 6/10
Signatures:
- Adds Run key to start application

Target: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Size: 1.2MB
MD5: e11502659f6b5c5bd9f78f534bc38fea
SHA1: b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b
SHA256: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
SHA512: 86c8d4556c9e0b7d60ccbfee430eb322388449506ab515549cb8d2785582671f2dc2d2a3bd9daded9853caa8bf94d9f92603a3bc527172a85dc7a83d701f7fd0
SSDEEP: 24576:645Rt4El7fc/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG:Rjt4El7fc/TFJWstwQsPdSDuACTpqhG
Score: 10/10
Signatures:
- LockerGoga
  LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
- Renames multiple (3721) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops desktop.ini file(s)

Target: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe
Size: 48KB
MD5: 84ff01e9ca8fec60ba0c7715ca378336
SHA1: 8bafa6673b762145b008496467a9ad8cfc18e4b9
SHA256: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348
SHA512: 668be10b19fd0f47a0409ab0d46b5d078122eeb602452c37bee27970495ec9b8ae20e598b4a4d530a976dc80948be0f6d50e6fec78303941f4bf40df180e4ed6
SSDEEP: 768:NZ/MQ+jmgyuQY6y4ViNpc3ayjctUp79Glm:N5MUo4qK3wlm
Score: 6/10
Signatures:
- Adds Run key to start application

Target: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe
Size: 190KB
MD5: 0333e4014e84e0cd41a4be7fab09926b
SHA1: 2e84153ec64edadca3ac7a9b847eb6c651396525
SHA256: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78
SHA512: d9838b90083625939c644a3b80ad820cbbc5991669ac499612f82e301c553f235743cfd35a2a87cd63e7b6bedf3f57b0bd42e88ef9d9450e9d868b95ec8e6c33
SSDEEP: 3072:3bXCLlcSmk8NNFLehmqbayd4yCVY16YAaMDJvKqJHTwqlQNNJE5AkqA:3byLlcq8tYZbay6Y0YgDdKUHThKNI
Score: 10/10
Signatures:
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Renames multiple (317) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b.exe
Size: 28KB
MD5: af62cca39cdf2faa1a3e9b422afee8b9
SHA1: 5714a48c24d79cf820c98ec3575ef4f0b7b7c921
SHA256: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b
SHA512: c7ad2ef82f1f1a23ffa5ebcba8efca1dc8aa788847cab8d2693cf082f85e2e87979b92c559c69e60bc119929912c105e40c00aa9fe2f09d1cf8ad9e8fc3c4d13
SSDEEP: 192:0P9IGUkZxXgGEmqnpbXf206LF9+qQ/1nwzJvZvdW9+2Cp92xR4qVeMNazlQF9gR:nGlJEmqx2029+qQ/1nZM2eMNazWm
Score: 6/10
Signatures:
- Adds Run key to start application

Target: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf.exe
Size: 478KB
MD5: 1575ea1792ec080b7825066f02a5dddc
SHA1: e647358f934f78866d1f97079f66c46448efd2f0
SHA256: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf
SHA512: 1e492379bea54ccc2db48b1bd2ded0d77470ae960a6f78e681647526b29152a4a1ca27acca9c7181477af3c19a4e4eac0182a259fd32893b33b33f40fe14e120
SSDEEP: 12288:RDVeMVRoTGavS3bRmuAyEzHU4tmo1BaKBiNr:pVeMVRo/W9mu3EzHU4co1BaKc
Score: 10/10
Signatures:
- Buran
  Ransomware-as-a-service based on the VegaLocker family, first identified in 2019.
- Clears Windows event logs
- Renames multiple (7242) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4.exe
Size: 44KB
MD5: f385069ebb01e0bbcff4abdbbe5e6a8e
SHA1: f2b48673e4c70e72e1f34cd88614cc0d5594fa94
SHA256: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4
SHA512: d814e8112c283fa9e3fc33f54db2dc2d80e19b448d1e0d012a2838505a7af75d0814f9199462cb5a51e9fc055f30762af8830a730907f32ec66f9403b2c968d3
SSDEEP: 768:cKLuj2C0bJjtAgLHL3GUME2ctbTn/YcaPC:eQtAqe2TnuK
Score: 1/10

Target: f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6.exe
Size: 7.0MB
MD5: 3beee8d7f55cd8298fcb009aa6ef6aae
SHA1: 672a992ea934a0cba07ca07b80b62493e95c584d
SHA256: f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6
SHA512: 12bd64d10620c1952127c125e7beb21b3727d8afb6440d48058785267b227a534ee6112d84372749496481cb6edb5c90eeb159689b443fe0f10f4a9202a83a5f
SSDEEP: 196608:gUWfTu5s5E6s6eLL1mkJ2Z9Jq5dOYo+SJVTXOD0ch:gUWfTuK5E6s6sBmKk9JMo5/eN
Signatures:
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL

MITRE ATT&CK Enterprise v15 (technique, count of matching signatures)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Indicator Removal (3)
  - File Deletion (2)
- Modify Registry (4)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)