General
-
Target
ByteVaultX 3.0.exe
-
Size
9.9MB
-
Sample
240522-tarzwagc9y
-
MD5
1cf80f1f2380d374122a6f6637b310f3
-
SHA1
e96d7b6039faaba484c4df2f61f2a8c69429aade
-
SHA256
ebbd48d657018e78c27a43ac929927eff48643a3cd0a91f8a6f40b1a90a9c4d5
-
SHA512
d571e5ce5370acf15c8454398e9587c5eb9c4062bb31951ab10d058bd16e54fb0bb8d90632fe3f194dac75ccba51ef79fffa14b9acd90267262e44cb94d6e49d
-
SSDEEP
196608:EhtqRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:RGFG8S1+TtIi+Y9Z8D8CclydoPx
Behavioral task
behavioral1
Sample
ByteVaultX 3.0.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1181543227728330774/1241192614980620318/pexels-mitja-juraja-357365-970517.jpg?ex=66494e33&is=6647fcb3&hm=5d230b14503c4586a605bc32b42ec6f5a894c21fd27c2a8ab2538482ee660c7e&
Extracted
C:\Encrypt\encrypt.html
Targets
-
-
Target
ByteVaultX 3.0.exe
-
Size
9.9MB
-
MD5
1cf80f1f2380d374122a6f6637b310f3
-
SHA1
e96d7b6039faaba484c4df2f61f2a8c69429aade
-
SHA256
ebbd48d657018e78c27a43ac929927eff48643a3cd0a91f8a6f40b1a90a9c4d5
-
SHA512
d571e5ce5370acf15c8454398e9587c5eb9c4062bb31951ab10d058bd16e54fb0bb8d90632fe3f194dac75ccba51ef79fffa14b9acd90267262e44cb94d6e49d
-
SSDEEP
196608:EhtqRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:RGFG8S1+TtIi+Y9Z8D8CclydoPx
Score10/10-
Renames multiple (174) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-