General
-
Target
mallox_poss_18717826374.zip
-
Size
1.4MB
-
Sample
240826-tqtteatajf
-
MD5
bfea7bb766ed582c9ab1c2d510c7515f
-
SHA1
f7d4c015b49dc50c973498d1c139fbc63c108aa1
-
SHA256
26d9af84cabb56e8755bb9b8fdeb70f731afbb1da70c543effc63450e9a13018
-
SHA512
2b77df777a85fdaf826bbbe0436a95e1e3bf503e02e137065a2a56dbd0be531dafb7527080a5c7e38ef0aa0938d0e9ddd1574c9118dc8c101771b56fd5ef0f81
-
SSDEEP
24576:htcnuAVrmmby7CVRpLoJahQXuxvMsYMMZ9lOFyRyubGEEW1OIfuhFosCKYf:AnuAAOK7Xa0s4ZXOkRyupEW1v2hFosO
Behavioral task
behavioral1
Sample
352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Pictures\How to decrypt files.txt
targetcompany
http://w3nrsbh4n35dkujnho3yiv5ocntimv5nb3jg5fggvgw3dwrzdnmtlaqd.onion/TIF3MW2QALL
Targets
-
-
Target
352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a
-
Size
2.6MB
-
MD5
c1227e81e0fb3339d0aa7b039758f6bc
-
SHA1
07e72d41e6fc806a5153138eb4aef0c969022ecb
-
SHA256
352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a
-
SHA512
9c714ff05ecc51eabe5239fcac65d8e21e3bd84a743d27a9fb9f70b4a0d244978fc18f41a6c713f870886c793963ea089c4ac3fe19a2e4a2feb7dd5339b03467
-
SSDEEP
49152:pLgNjaYPW2p7+m5zx21dXIMHPnxYTIFtfy//mghqI6MAmTZiuRySfa8GIBbE:pL0xPGdaMFe5faSbE
Score1/10 -
-
-
Target
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe
-
Size
125KB
-
MD5
b13a1e9c7ef5a51f64a58bae9b508e62
-
SHA1
e232747c02b5cab0a414190a0d8438f5be042000
-
SHA256
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe
-
SHA512
3f42f81505693089dc2595976c523f1568aee6cbe2565ba16b3e4b43a06b2533b4f2c63ba90afc2637380a32fbc5dd09b70e84ff932fe90482e0da84c0571afe
-
SSDEEP
3072:GA1PPaKgKdZqTXKopLuLgdgjgVE0e95NlmD:G6CKg8ZqTvpyLgd0gVqdE
-
TargetCompany,Mallox
TargetCompany (aka Mallox) is a ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (6884) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-