atomsilo | 7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee[.]7z

General

Target

7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.7z
Size

278KB
MD5

a12a1fe4075d0b1472fc067f56f56f6f
SHA1

d53e2a7a9dc08e4c0c35f07735c0ffa3f93f67ff
SHA256

63912423ec365577887c0459ef7926b14827113c28dad3770a2855dfc25c1bc3
SHA512

adffacb99d8ec1e87a0b99f72c3d92269502df4024287ff26bd4c078e47c234a6fc630574799e79c0bdc54e8768d5a579e0cf27d3e7b3b217811ed8877854953
SSDEEP

6144:9D56P99wa3zI6zXRmK+EAZAo8xjLJfNTVlJPXvd6f9igc:ZszX4eFo8VdfNT1d6UZ

Score

10^/10

atomsilo

AtomSilo Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.exe	family_atomsilo

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.exe	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.exe

7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.7z
.7z

Password: infected
7a5999c54f4588ff1581d03938b7dcbd874ee871254e2018b98ef911ae6c8dee.exe
.exe windows:5 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

lala
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fafa
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE