Overview
overview
10Static
static
3Ransomware-master.zip
windows10-1703-x64
3Ransomware...ICENSE
windows10-1703-x64
1Ransomware...DME.md
windows10-1703-x64
3Ransomware...omware
windows10-1703-x64
1Ransomware...er.zip
windows10-1703-x64
1cerber.exe
windows10-1703-x64
10Ransomware...ll.zip
windows10-1703-x64
1cryptowall.exe
windows10-1703-x64
3Ransomware...aw.zip
windows10-1703-x64
1jigsaw.exe
windows10-1703-x64
10Ransomware...ky.zip
windows10-1703-x64
1Locky.exe
windows10-1703-x64
10Ransomware...ba.zip
windows10-1703-x64
1131.exe
windows10-1703-x64
3Ransomware...nu.zip
windows10-1703-x64
1Matsnu-MBR...3 .exe
windows10-1703-x64
3Ransomware...ap.zip
windows10-1703-x64
1027cc450ef...d9.dll
windows10-1703-x64
10myguy.hta
windows10-1703-x64
3Ransomware...ya.zip
windows10-1703-x64
1Ransomware...nt.zip
windows10-1703-x64
1Ransomware...ex.zip
windows10-1703-x64
1Ransomware...na.zip
windows10-1703-x64
1Ransomware...pt.zip
windows10-1703-x64
1Ransomware...na.zip
windows10-1703-x64
1Ransomware...ry.zip
windows10-1703-x64
1Ransomware...us.zip
windows10-1703-x64
1Ransomware...ibrary
windows10-1703-x64
3Ransomware...oad.sh
windows10-1703-x64
3Ransomware...est.py
windows10-1703-x64
3Ransomware...st2.py
windows10-1703-x64
3Ransomware...rna.py
windows10-1703-x64
3General
-
Target
Ransomware-master.zip
-
Size
12.9MB
-
Sample
240802-t92clawgja
-
MD5
30da61eabe92b48ce784f7ee31f5ec44
-
SHA1
4922cfc2c10b5d92b2fb199fc6a2aaed095035e0
-
SHA256
2e156957ffdc73801662b89b1f6773434c4d13bb4b9bc1670827e399ad64aa7e
-
SHA512
648a9e6ddce09e5bf5da680f8d031afe3224b236cea9598e64e0d592f64ec0bed61e0ff089a931772d0f758a42a463e7ee6ea7ef117ad1c1453dbc2240b9f209
-
SSDEEP
393216:67aFd62nfFSrjIkV4mu/GyBSKb+JYSWTmq:67aHnnNmkpbDSWD
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware-master.zip
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Ransomware-master/LICENSE
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
Ransomware-master/README.md
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Ransomware-master/Ransomware
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Ransomware-master/etc/Ransomware.Cerber.zip
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
cerber.exe
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
Ransomware-master/etc/Ransomware.Cryptowall.zip
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
cryptowall.exe
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
Ransomware-master/etc/Ransomware.Jigsaw.zip
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
jigsaw.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
Ransomware-master/etc/Ransomware.Locky.zip
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
Locky.exe
Resource
win10-20240611-en
Behavioral task
behavioral13
Sample
Ransomware-master/etc/Ransomware.Mamba.zip
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
131.exe
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Ransomware-master/etc/Ransomware.Matsnu.zip
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
Ransomware-master/etc/Ransomware.Petrwrap.zip
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
027cc450ef5f8c5f653329641ec1fed9.dll
Resource
win10-20240404-en
Behavioral task
behavioral19
Sample
myguy.hta
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
Ransomware-master/etc/Ransomware.Petya.zip
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
Ransomware-master/etc/Ransomware.Radamant.zip
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
Ransomware-master/etc/Ransomware.Rex.zip
Resource
win10-20240611-en
Behavioral task
behavioral23
Sample
Ransomware-master/etc/Ransomware.Satana.zip
Resource
win10-20240404-en
Behavioral task
behavioral24
Sample
Ransomware-master/etc/Ransomware.TeslaCrypt.zip
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
Ransomware-master/etc/Ransomware.Vipasana.zip
Resource
win10-20240404-en
Behavioral task
behavioral26
Sample
Ransomware-master/etc/Ransomware.WannaCry.zip
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
Ransomware-master/etc/Ransomware.Wannacry_Plus.zip
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
Ransomware-master/etc/Ransomware.library
Resource
win10-20240611-en
Behavioral task
behavioral29
Sample
Ransomware-master/etc/load.sh
Resource
win10-20240404-en
Behavioral task
behavioral30
Sample
Ransomware-master/test.py
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
Ransomware-master/test2.py
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
Ransomware-master/warna.py
Resource
win10-20240404-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___5AV0M_.txt
cerber
http://p27dokhpz2n7nvgr.onion/FF3F-B604-C23A-0446-99CA
http://p27dokhpz2n7nvgr.12hygy.top/FF3F-B604-C23A-0446-99CA
http://p27dokhpz2n7nvgr.14ewqv.top/FF3F-B604-C23A-0446-99CA
http://p27dokhpz2n7nvgr.14vvrc.top/FF3F-B604-C23A-0446-99CA
http://p27dokhpz2n7nvgr.129p1t.top/FF3F-B604-C23A-0446-99CA
http://p27dokhpz2n7nvgr.1apgrn.top/FF3F-B604-C23A-0446-99CA
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___MKQYX_.hta
cerber
Targets
-
-
Target
Ransomware-master.zip
-
Size
12.9MB
-
MD5
30da61eabe92b48ce784f7ee31f5ec44
-
SHA1
4922cfc2c10b5d92b2fb199fc6a2aaed095035e0
-
SHA256
2e156957ffdc73801662b89b1f6773434c4d13bb4b9bc1670827e399ad64aa7e
-
SHA512
648a9e6ddce09e5bf5da680f8d031afe3224b236cea9598e64e0d592f64ec0bed61e0ff089a931772d0f758a42a463e7ee6ea7ef117ad1c1453dbc2240b9f209
-
SSDEEP
393216:67aFd62nfFSrjIkV4mu/GyBSKb+JYSWTmq:67aHnnNmkpbDSWD
Score3/10 -
-
-
Target
Ransomware-master/LICENSE
-
Size
1KB
-
MD5
a31887cbb9ee63d417035c0c01213070
-
SHA1
6beb39510e95e12f4f0426999fdb652c7742252b
-
SHA256
13d93567d2d97b99868b6f263fe00f425aa95007d30297c3c55c685bde51d460
-
SHA512
77e75fd7038201b602da56e86d2fff9eea22f1e703fee34f35fde0e6e3bb8434bd9b939db6853068d54fdb46182800e7638850a396a409dad83c3ecbc17bfb75
Score1/10 -
-
-
Target
Ransomware-master/README.md
-
Size
1KB
-
MD5
ec42c9f687d906db4c64b31e1da2fbb0
-
SHA1
4e57f51ac2263e7ca317efb759ba145d375d8859
-
SHA256
78585fb1ce39b3d4df15fb07d59bb276d15c830c6df0b0f780c6f7ae6fa31c8b
-
SHA512
ea4ba33763a0914d99df7d8888f35bfec8dd0f701a48bb3eae53a9958447e6655f1cece5a4d44cb7aa7af11dfb2e73ce417cc897674902550000d3a515b6e793
Score3/10 -
-
-
Target
Ransomware-master/Ransomware
-
Size
25KB
-
MD5
d54b447020c50a74fefeeacd7be46733
-
SHA1
96f347b8545bde22d52e36d95779dceff0401697
-
SHA256
d1ebf588dbbcca6b21d20ef37d368d48bf6d7a9cdb6636245010fe87e4533f70
-
SHA512
415825c912210b5115dab8f2388631120eab7ee98bd7cba04705b700d10e325e1b42b6f8dbe5ff37a3b411a203ae436915d4dd6b655750f354817382d31f0954
-
SSDEEP
384:7B866666r66666966666EVGWml1VZAs9SX9BO9:7BUGWml1VZAs9Sm9
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Cerber.zip
-
Size
215KB
-
MD5
5c571c69dd75c30f95fe280ca6c624e9
-
SHA1
b0610fc5d35478c4b95c450b66d2305155776b56
-
SHA256
416774bf62d9612d11d561d7e13203a3cbc352382a8e382ade3332e3077e096c
-
SHA512
8e7b9a4a514506d9b8e0f50cc521f82b5816d4d9c27da65e4245e925ec74ac8f93f8fe006acbab5fcfd4970573b11d7ea049cc79fb14ad12a3ab6383a1c200b2
-
SSDEEP
3072:EJk9kcytz1Qg4kViSMoq9OsLvz8L5HINY8lYdeIX8woWJQHr6LqK2fU0MwL0b06R:EUkcyVlDq8rIblYomoWnvfp0g
Score1/10 -
-
-
Target
cerber.exe
-
Size
604KB
-
MD5
8b6bc16fd137c09a08b02bbe1bb7d670
-
SHA1
c69a0f6c6f809c01db92ca658fcf1b643391a2b7
-
SHA256
e67834d1e8b38ec5864cfa101b140aeaba8f1900a6e269e6a94c90fcbfe56678
-
SHA512
b53d2cc0fe5fa52262ace9f6e6ea3f5ce84935009822a3394bfe49c4d15dfeaa96bfe10ce77ffa93dbf81e5428122aa739a94bc709f203bc346597004fd75a24
-
SSDEEP
6144:yYghlI5/u8f1mr+4RJ99MpDa52RX5wRDhOOU0qsR:yYKlYmDXEpDHRXP01
-
Contacts a large (1093) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Windows Firewall
-
Drops startup file
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
Ransomware-master/etc/Ransomware.Cryptowall.zip
-
Size
100KB
-
MD5
8710ea46c2db18965a3f13c5fb7c5be8
-
SHA1
24978c79b5b4b3796adceffe06a3a39b33dda41d
-
SHA256
60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e
-
SHA512
c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583
-
SSDEEP
3072:OCDc19avf1fHqOhdzVD/9Ae7RT5f6IiL+WfXS21o4D:OCD0QvlqGRlAlX+sXjo4D
Score1/10 -
-
-
Target
cryptowall.bin
-
Size
240KB
-
MD5
47363b94cee907e2b8926c1be61150c7
-
SHA1
ca963033b9a285b8cd0044df38146a932c838071
-
SHA256
45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d
-
SHA512
93dfaafc183360829448887a112dd49c90ec5fe50dcd7c7bbc06c1c8daa206eeea5577f726d906446322c731d0520e93700d5ff9cefd730fba347c72b7325068
-
SSDEEP
3072:xkeyloECBch6ZCGBGSmHJ0y5lj6jdojK7+MGOXpXx8z3Lp7Yoq:xGlnCIwMpj6ijKfxx8z3F0V
Score3/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Jigsaw.zip
-
Size
239KB
-
MD5
3ad6374a3558149d09d74e6af72344e3
-
SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620
-
SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
-
SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720
-
SSDEEP
3072:p7ykj3uuY4NsJD7kPdSRQLqas/pkPm9jvkEL60Uf7k2BgS6/aFybrNN5ZAdNstk7:p7ym3VNA7w8R5/rxv7O0yng0UtVw5NJ
Score1/10 -
-
-
Target
jigsaw
-
Size
283KB
-
MD5
2773e3dc59472296cb0024ba7715a64e
-
SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859
-
SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
-
SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3748) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
Ransomware-master/etc/Ransomware.Locky.zip
-
Size
125KB
-
MD5
b265305541dce2a140da7802442fbac4
-
SHA1
63d0b780954a2bc96b3a77d9a2b3369d865bf1fd
-
SHA256
0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0
-
SHA512
af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282
-
SSDEEP
1536:6mXbzYYlSESr+LdgbfzNTBstcc6yVeHuwuY5pzl5Lypx0DIY6KQOoTFKmN9YMKW8:dbSr+Jg7lB2cV1aQ+WQVTFX9YPGQi1Mf
Score1/10 -
-
-
Target
Locky
-
Size
180KB
-
MD5
b06d9dd17c69ed2ae75d9e40b2631b42
-
SHA1
b606aaa402bfe4a15ef80165e964d384f25564e4
-
SHA256
bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3
-
SHA512
8e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c
-
SSDEEP
3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ86:gdLl4wkZa/UDiD7ukst1H6
Score10/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Mamba.zip
-
Size
1.0MB
-
MD5
f94d1f4e2ce6c7cc81961361aab8a144
-
SHA1
88189db0691667653fe1522c6b5673bf75aa44aa
-
SHA256
610a52c340ebaff31093c5ef0d76032ac2acdc81a3431e68b244bf42905fd70a
-
SHA512
7b7cf9a782549e75f87b8c62d091369b47c1b22c9a10dcf4a5d9f2db9a879ed3969316292d3944f95aeb67f34ae6dc6bbe2ae5ca497be3a25741a2aa204e66ad
-
SSDEEP
24576:Uy0yC/fh9Dnt24GZrEXdjl3Fha3fXUkWpfnb:CyGf7TtCZrOll1svX0fb
Score1/10 -
-
-
Target
131.exe
-
Size
2.3MB
-
MD5
409d80bb94645fbc4a1fa61c07806883
-
SHA1
4080bb3a28c2946fd9b72f6b51fe15de74cbb1e1
-
SHA256
2ecc525177ed52c74ddaaacd47ad513450e85c01f2616bf179be5b576164bf63
-
SHA512
a99a2f17d9fbb1da9fb993b976df63afa74317666eca46d1f04e7e6e24149547d1ac7210f673caeae9b23a900528ad6ad0a7b98780eff458d3d505029a06e9ba
-
SSDEEP
49152:XM16E7qUoM5NWX7DP+1egOhcraQzK6j97V:c16/rM5oW1ZrRz
Score3/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Matsnu.zip
-
Size
62KB
-
MD5
0a3487070911228115f3a13e9da2cb89
-
SHA1
c2d57c288bc9951dee4cc289d15e18158ef3f725
-
SHA256
f73027dd665772cc94dbe22b15938260be61cbaad753efdccb61c4fa464645e0
-
SHA512
996f839d347d8983e01e6e94d2feb48f2308ab7410c6743a72b7ecff15b34a30cd12a5764c0470c77138cf8724d5641d03dd81793e28d47fe597f315e116fa77
-
SSDEEP
1536:Wtmvcv25VrNQnc+6KmmjnFcqbq6eXq8GPHTDAY:WBUNQnc+6Vmmv6e8fP
Score1/10 -
-
-
Target
Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_
-
Size
102KB
-
MD5
1b2d2a4b97c7c2727d571bbf9376f54f
-
SHA1
1fc29938ec5c209ba900247d2919069b320d33b0
-
SHA256
7634433f8fcf4d13fb46d680802e48eeb160e0f51e228cae058436845976381e
-
SHA512
506fc96423e5e2e38078806591e09a6eb3cf924eb748af528f7315aa0b929890823798a3ef2a5809c14023c3ff8a3db36277bc90c7b099218422aafa4e0c2ee0
-
SSDEEP
1536:jj+Rj1lGIXKSmE17v97yiqHGMRPtbsLW8/V2k12v1/BDxVyCfCrCAc:jjw6Sf0iqmMnb2W02v3mCf4Nc
Score3/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Petrwrap.zip
-
Size
1.1MB
-
MD5
6884a35803f2e795fa4b121f636332b4
-
SHA1
527bfbf4436f9cce804152200c4808365e6ba8f9
-
SHA256
cf01329c0463865422caa595de325e5fe3f7fba44aabebaae11a6adfeb78b91c
-
SHA512
262732a9203e2f3593d45a9b26a1a03cc185a20cf28fad3505e257b960664983d2e4f2b19b9ff743015310bf593810bd049eb03d0fd8912a6d54de739742de60
-
SSDEEP
24576:XtZfUANeQHLqNZ2rl5zkFGPI/9+4C/BGq/Om00pN5m:XtZc+trnHkxVqQqm
Score1/10 -
-
-
Target
027cc450ef5f8c5f653329641ec1fed9.exe
-
Size
353KB
-
MD5
71b6a493388e7d0b40c83ce903bc6b04
-
SHA1
34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
-
SHA256
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
-
SHA512
072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f
-
SSDEEP
6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG
-
mimikatz is an open source tool to dump credentials on Windows
-
Deletes itself
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
myguy.hta
-
Size
13KB
-
MD5
0487382a4daf8eb9660f1c67e30f8b25
-
SHA1
736752744122a0b5ee4b95ddad634dd225dc0f73
-
SHA256
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6
-
SHA512
e1e7d81d54efd526139ea8ac792ed2035c8e70f040319c0b65f723431d31077c7a6927553890c99151f2354f51c4020ed94e0e2e5d56386c2fc4828e95869106
-
SSDEEP
192:ScIsmNvaHz65bP/U/njs3NH0Z0UvDVE6Az6XVHBycT6iLMUpJ2seCYHlfeb:SPXTmnjs3BU9A27BNLMUTb
Score3/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Petya.zip
-
Size
538KB
-
MD5
e8fb95ebb7e0db4c68a32947a74b5ff9
-
SHA1
6f93f85342aa3ea7dcbe69cfb55d48e5027b296c
-
SHA256
33ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9
-
SHA512
a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320
-
SSDEEP
12288:h62An+lYWejkM9KIIoyoAWPPpxS8yrST5UvF50VHCJvD3DpNu7NwRUDxuJnU:hJA+BncEoyojpxS8yrSV0nvHpNu7eQxH
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Radamant.zip
-
Size
59KB
-
MD5
fce365d60e13df34a6843894ac9be499
-
SHA1
5211ac4e7d8459f0db9aa19a03c55cb2063fee5f
-
SHA256
3e1813da2d561157df7667cde0117fdddd883c5b1272f76d1ae85ad889c38220
-
SHA512
9747c95c1a1314fd0fb462951feafa51a75c0794e56a6bbbd16d192e366907aa764bc9adbc7d8319e5d43a37b10889808ae5d619ae1202200d7dba34afa2bc1b
-
SSDEEP
1536:cKmaCJ5RF2bf2mwPUv0M47ChtgxyZShQ9FttDUFQ1VkJA/:XmHJAY23iSOxygkFttQFSkJA/
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Rex.zip
-
Size
2.7MB
-
MD5
50188823168525455c273c07d8457b87
-
SHA1
0d549631690ea297c25b2a4e133cacb8a87b97c6
-
SHA256
32856e998ff1a8b89e30c9658721595d403ff0eece70dc803a36d1939e429f8d
-
SHA512
b1a58ebcc48142fa4f79c600ea70921f883f2f23185a3a60059cb2238ed1a06049e701ccdab6e4ea0662d2d98a73f477f791aa1eec1e046b74dc1ce0a9680f70
-
SSDEEP
49152:vWKde2aWpNtWWKPqd0c1OWfD6vAcxntjWPNeJ5Rf/coFN0LZkyIEsNdd:eKI2FpNtfaqGc1EAczjk41EuN0LZky9y
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Satana.zip
-
Size
57KB
-
MD5
82f621944ee2639817400befabedffcf
-
SHA1
c183ae5ab43b9b3d3fabdb29859876c507a8d273
-
SHA256
4785c134b128df624760c02ad23c7e345a234a99828c3fecf58fbd6d5449897f
-
SHA512
7a2257af32b265596e9f864767f2b86fb439b846f7bffa4b9f477f2e54bc3ff2bb56a39db88b72a0112972959570afc697c3202839a836a6d10409a10985031b
-
SSDEEP
1536:GBfLHxIOBET2Uvk6w5yD5O92x2HtYli0kR5sJ7LNeeSLK/TJ:GBf9IOXok6DODtY40kDsjiL6F
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.TeslaCrypt.zip
-
Size
479KB
-
MD5
f755a44bbb97e9ba70bf38f1bdc67722
-
SHA1
f70331eb64fd893047f263623ffb1e74e6fe4187
-
SHA256
3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e
-
SHA512
f8ce666ae273e6c5cd57447189a8cf0e53c7704cf269fa120068f21e6faf6c89e2e75f37aee43cac83f4534790c5c6f1827621684034ef3eb7e94d7ee1ac365e
-
SSDEEP
6144:xQAq0svy/pQhk1NBePvxGNWeOyqYAGfr/H/h60BHtzbprAvNGTG/fi5QCIq3h11Z:LyKoUlWeOP8HXrINZ/2uJUgVu
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Vipasana.zip
-
Size
638KB
-
MD5
8d2c4c192772985776bacfd77f7bc4d9
-
SHA1
3b923b911d443e321e551f26c9588b16a994d52e
-
SHA256
1733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8
-
SHA512
6c24f2fe498cf38e3f3d66b62915e6fbc8c2746a1d4c3c3de270f994b02e1369b9540099c12d150712574ececbe63c8c9f28877d8aa4557fbbb7890d5a0de6c1
-
SSDEEP
12288:atcWK55CAyTliOve2dCbNF2NJ9lTYG6WxGc7jdw04YPghNxEvREoXIaK:k7KCP5tWiCpYj6/Cm04YPgvivRENL
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.WannaCry.zip
-
Size
3.3MB
-
MD5
efe76bf09daba2c594d2bc173d9b5cf0
-
SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7
-
SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
-
SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
-
SSDEEP
98304:vhvb2BVmAw0p9jIVcEj5nnZNRyA30yBSRT:vhvq7Bu6EZnZN5EyBSN
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.Wannacry_Plus.zip
-
Size
2.3MB
-
MD5
5641d280a62b66943bf2d05a72a972c7
-
SHA1
c857f1162c316a25eeff6116e249a97b59538585
-
SHA256
ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488
-
SHA512
0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752
-
SSDEEP
49152:9mqR0GTCRh8C9PYUYwm79evoBD2HSypKLZ5u/KU940CwmWtSQX5ddmL6T:RA8GY3b9ev62yypKLlUVCpSSQX5ddmeT
Score1/10 -
-
-
Target
Ransomware-master/etc/Ransomware.library
-
Size
33B
-
MD5
4c3afa1c36b5d93cf231f23567fc0320
-
SHA1
98682eeb359d3e917c2292128f84f5134427e2c2
-
SHA256
a62d6f70aa846adb172d15706798faca370eadcc0ba8ad35ce5285232e8a501d
-
SHA512
5c72bfd0b1d948338a8adf72abae79b4130db30650db2e8a5965f761a3f304ae9f14b2f5a3ef50fe1869e475ef5bf0b5ef4a8d746267cb8a65ab086f00ff7dc1
Score3/10 -
-
-
Target
Ransomware-master/etc/load.sh
-
Size
4KB
-
MD5
8f14e34971812277edeb8a31376cb27a
-
SHA1
5a96858d0d97ca1e229a1270d1a34a09c3c677ea
-
SHA256
1a275cbf23a5a5620d40cda6bd3f621a48d7b2119b2c8bf97b87a97f83933e85
-
SHA512
a63a692e0d63944ee9824578b52f7eb41fd9d9f7e3414d22cb3b81f337571f0c8720672866f4f534eb1c7f3c87662b120addff038806363f3ccaf86a69949ca4
-
SSDEEP
96:v7fGWJIKNsm/kgrkSYpJhc0P+Z6psE8Gkh+mKuc3nWX5neEpT2:vbdp1fY3hlaG1kh+mjcm4EU
Score3/10 -
-
-
Target
Ransomware-master/test.py
-
Size
186B
-
MD5
f5c90d7b70869e8de04c7d7e3051dea9
-
SHA1
93cf6fd3b58cfa7e9ccb7c88bd2cccd65a4d4be7
-
SHA256
4bfe4b8e987cae3539dddec1fc0732a7b1195768f0c8ff3352dccd4fa76bc249
-
SHA512
64d5aaaa1bcbb17eff100bc83d1020660b6e4b6734f99bd5017e0d895753b70619bafd63809b72768815ce1ad1cc80fecd41e8414b1498201bd310dfed213d25
Score3/10 -
-
-
Target
Ransomware-master/test2.py
-
Size
554B
-
MD5
dc42f74575c40fc6c90d73b747df6803
-
SHA1
ff5d98b1f959810719299c5fb0042436634b1999
-
SHA256
d1f9f5e30ac4d8d5771af930b15a51fb040cb1a2b84c7b7feeebb7e4d5fdc1bb
-
SHA512
d4a311676aa16d11f678eaf32e5ee4c18ba2f3beab0d494e09ae6a8214575d5178b9de7126131ad0d5da909594a4e0dbbb791ebed62550b9080cf2a8fb78bb9e
Score3/10 -
-
-
Target
Ransomware-master/warna.py
-
Size
650B
-
MD5
19522678240a7e6d1e5531ed275b6a64
-
SHA1
01653b2ca19505c7e9a7972df2e7d6784cc627b6
-
SHA256
6986bfb870797a56611749719d8aabfdfcf272392765692a15c065c42f88c3cf
-
SHA512
8f2d1efd81a4bafa8d3a50fce740514469a7ccdb2d68f908b9e86d1714ca605525e75a5f0f5ac9dd798299db75810bdf0d06f88e0103609b4d0843ff12d24292
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2Pre-OS Boot
1Bootkit
1Discovery
Browser Information Discovery
1Network Service Discovery
1Query Registry
1Remote System Discovery
1System Information Discovery
2System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1