Extracted

• • Target

    Uw Factuur 0092-0287492-39238.pdf.exe

  • Size

    804KB

  • MD5

    88a509f4974b099b9a18c97e93d23f6b

  • SHA1

    215f031e777464de6a253be0c520c6ce815bdf88

  • SHA256

    5930f3589545070d4ab4e09c857db89b9b60e882d12ee6dc0b7213e37d32a50e

  • SHA512

    f9b378d7819f7087ef6abf276c59acf8b528d675e69f1da6d63b6690fb3d9f241c5702ae7e23f35bd21547bfe5e3202c2c5879326003caacc817d3ddc1b0cb4f

  • SSDEEP

    12288:7W02CHYwXcuevg6KILXB6iVZdXlQgBI7SJrydLCf6WsfrZBIr5kei+o3cw5s7CRH:7ACHnXcEILxtZtSg+SBzf9uIuvMqkk

  Score

  10^/10

  ctblockerdefense_evasionexecutionimpactransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    $PLUGINSDIR/InstallOptions.dll

  • Size

    14KB

  • MD5

    eee2912bd1ee421cf1f1dfb1cc327d97

  • SHA1

    c5d3741ddb195718c9b17923eb6abfb7a732bdc1

  • SHA256

    e560384c5298ee2123e8340e716b2c4680f51b4d0347995ba3290dbd1130c6c0

  • SHA512

    1808a068386c790d8ad5096d9fededcfa6e5688e3a68f2499418456c9cafd7b837c811298e6570212155b4a3d6038c1749cfcd9d1b86f090f66d1a5301adecb2

  • SSDEEP

    192:qcOqh13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejPK72dwF7dBKEw:qcD13v5SdHeMRRKkwsejP+BV

  Score

  3^/10
  behavioral3behavioral4

• • Target

    $PLUGINSDIR/System.dll

  • Size

    11KB

  • MD5

    883eff06ac96966270731e4e22817e11

  • SHA1

    523c87c98236cbc04430e87ec19b977595092ac8

  • SHA256

    44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

  • SHA512

    60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

  • SSDEEP

    96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u

  Score

  3^/10
  behavioral5behavioral6

• • Target

    403-16.htm

  • Size

    1KB

  • MD5

    9d02dc79e5a6215c2931e56925a8bebc

  • SHA1

    17f413e8eddea932d0088a4a86c43fc8d06c8c7a

  • SHA256

    30c45a56c91ecfd5b654ad172fddc84e5d930e18f5031c778223651c5348d612

  • SHA512

    7f64b11eee14c4e13d084211bd4848cdb27471dde064fad7ac787b7307a85b5b8c953d40b26b8db410bad2b268d6bd94e4e4cb8be6c299cd32e5818988ac22db

  Score

  1^/10
  behavioral7behavioral8

• • Target

    403-18.htm

  • Size

    1KB

  • MD5

    56dc72e6d4312b109ec4862c045d00d6

  • SHA1

    35cb8a074b875326de6d4206feb631479c47e782

  • SHA256

    0246ad30d0589512453a988e290c7c0a3d3a74dfaa7213f3716ef3ebf7c0b4d3

  • SHA512

    7c7a1b996fec2e28b30533b297517bd5d621f0b7beac69b87c08742146028c6dfc9e34f3e391226d72f7723e54a3833877dca09b820299497ea7167395f1869b

  Score

  1^/10
  behavioral10behavioral9

• • Target

    404.htm

  • Size

    1KB

  • MD5

    c9bc5da6fd95dd59b3d1e69c3bc97d40

  • SHA1

    ff4b92b0c8d12a77d12853be583c85fad9b4ebd7

  • SHA256

    cd201762f1c25dc56952abcb7d09a2463aca29a67872ea1cf732ca244a66867e

  • SHA512

    2677a2cf9f066afb73f2cade9840655c9e592273d2870b74bd1d28f9a899e10a47d127871f9b7f0e817e7bfb93ace30bb62c90a66001eed6ca75bbe29682d156

  Score

  1^/10
  behavioral11behavioral12

• • Target

    Linker.dll

  • Size

    20KB

  • MD5

    d4347e5ece1d7cc8a2fffb1afef7ea32

  • SHA1

    4a656426fdc156a914494cef7f8fc437d6ca28dc

  • SHA256

    6f7a21dd4e3539e81113a54f5f1ab70fb3e5457033e923fbb95fdb80b7c433cd

  • SHA512

    0923dd987ef862f4341643627c68fdf276a749aa647c29509d72ec9ee77accb79a5fde7e1387696534e096c8c1714ce694c9c826faff2a06178b7068e7d48d56

  • SSDEEP

    384:EgK68Njc9SBE4iKYQqxLCwvC11oMgLiEW0OU+l6y5:EgdPuE4AxLCwvC11oMg5Y

  Score

  3^/10
  behavioral13behavioral14

• • Target

    Warn If RGB.jsx

  • Size

    3KB

  • MD5

    ae91301a596819d2abe479e3d5bcf3f7

  • SHA1

    c1effcc1b453ee3060d95334fae707d309732dee

  • SHA256

    866ac76bce63b709c4a74c8ddeeb943064b51834abcb84994c9e49f66a42195c

  • SHA512

    0cf8612875d2f5e4b75df043ee450ffa4f6091ab9a6b5d4dab851757c31a86c3edbb4385a59f4a7c2ac3c6926d6309529c92cb0c7d0e3c4f0f907e6fe48767d9

  Score

  3^/10

  execution
  behavioral15behavioral16

• • Target

    asyncqueue.js

  • Size

    4KB

  • MD5

    97c2cce0b8038bd21abaf457b50f8112

  • SHA1

    ac6fc6496817e98c7701fc9afc5e0b6eb78d74bb

  • SHA256

    f59ee97d7d97c887e5da91778ce8d3583b1e448680581e1796312d017e699059

  • SHA512

    874ff6ce0ca3ed1a57e379e91a9ff94e3893b3ceb9e7c1b6bf715565347c14e3e8b8a3bdeb86ae55a9ce9d67eeb3dd6289e63b756dbb4b1db91ef08a88798fc3

  • SSDEEP

    96:cwsXcQH3oHD2ttYv4RyArN8bgThcwgxoAkKtNHY:ocQH3wKt988TpmVY

  Score

  3^/10

  execution
  behavioral17behavioral18

• • Target

    compare-with-callbacks.js

  • Size

    1KB

  • MD5

    2c6f5684ce8e64e2ac4d106ec6c361dd

  • SHA1

    78f431b04243778cf02f29c63ec1f10e464bde6a

  • SHA256

    1d552bba9fdb2557c0a0b55c79eb322852df0e6a0bcb3b48cfbdd335f32b3552

  • SHA512

    0e53cd5e0c943e9c2014b8b778811b4aa83610347f7156ef4b5f616a13a7d29552f72087fe8a956c1c9464af224dcf113232d65e913049e8be8966aa7f2887a6

  Score

  3^/10

  execution
  behavioral19behavioral20

• • Target

    head.js

  • Size

    25B

  • MD5

    19ebe25a2df3c27bfc3c692ba7ce9158

  • SHA1

    f7f5514d24f03611b055af2fc9a541ecf579142e

  • SHA256

    f5f9b7e1859d47775dfe65573624e84f1e2d6f9c2a3a08f684b8148cefb720e8

  • SHA512

    76c4e82aa9bf6d64c956788eacb9c8bc13db2e626c44a548ab7a49dda9569ea06b48dc46b92e725ce2ab4a7a7124cf01565923adbc7a4c529ac429184639659b

  Score

  3^/10

  execution
  behavioral21behavioral22