General
-
Target
ByteVaultX 2.0.exe
-
Size
9.9MB
-
Sample
240526-tnx32sda67
-
MD5
72c65f1b271ae812c9c00fe7dbef3ee7
-
SHA1
98327e138efdcdbfcb02787ad3f9b729e617df6e
-
SHA256
d1314cc2b3ddd84224b7b6fe78c9ca75dceed34799b6715086eeacd687e84017
-
SHA512
21595d8bc9fe4c94a74b28acbe65e9a98f2c39e23d9e41bb5bfcaae01f11c11bfade391f04edd5853081c4ab1df051aa6f71c6203d7eac39b3446a3e357be273
-
SSDEEP
196608:Th30RIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:mGFG8S1+TtIi+Y9Z8D8CclydoPx
Behavioral task
behavioral1
Sample
ByteVaultX 2.0.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1181543227728330774/1241192614980620318/pexels-mitja-juraja-357365-970517.jpg?ex=66494e33&is=6647fcb3&hm=5d230b14503c4586a605bc32b42ec6f5a894c21fd27c2a8ab2538482ee660c7e&
Extracted
C:\Encrypt\encrypt.html
Targets
-
-
Target
ByteVaultX 2.0.exe
-
Size
9.9MB
-
MD5
72c65f1b271ae812c9c00fe7dbef3ee7
-
SHA1
98327e138efdcdbfcb02787ad3f9b729e617df6e
-
SHA256
d1314cc2b3ddd84224b7b6fe78c9ca75dceed34799b6715086eeacd687e84017
-
SHA512
21595d8bc9fe4c94a74b28acbe65e9a98f2c39e23d9e41bb5bfcaae01f11c11bfade391f04edd5853081c4ab1df051aa6f71c6203d7eac39b3446a3e357be273
-
SSDEEP
196608:Th30RIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:mGFG8S1+TtIi+Y9Z8D8CclydoPx
Score10/10-
Renames multiple (122) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-