Extracted

Extracted

• • Target

    VirusShare_e5e83d8209a8e06089d70e65901b7481

  • Size

    328KB

  • MD5

    e5e83d8209a8e06089d70e65901b7481

  • SHA1

    dba4cc12a51f6ab845673de37756d2b3f31825e6

  • SHA256

    e37b974823a5def88d1b8857cbe4262ed60d59a7ef7b6854e407d6a2dc8cdc68

  • SHA512

    63b61ab3d5d26aaa318ae36a29dfc2107deedd6b340c54abbeec40b9598a5d6ea1743bdd6c320dddcbafcea5820b2620e4b0b9bfc4d5a45a8808c09b148503b2

  • SSDEEP

    6144:EEKwa30luX+sChrlTxO9M4wt8lfJBXfvUmaeyfXMx3/mQ6YroqS8j6M54IaHSJ7+:jK8luX+ssxTI9WkxxvPWUpeG/+bIn70

  Score

  10^/10

  teslacryptdefense_evasionexecutionimpactpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (434) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2