General
-
Target
encrypter-windows-gui-x86.exe
-
Size
104KB
-
Sample
241021-qy3vhawbld
-
MD5
bae8e04226ff74f7c40f9bd2e6e3b4ae
-
SHA1
87ca31acfcb12b6eac57e1fd47926be330a11e03
-
SHA256
cc0680de960f3e1b727b61a42e59f9c282bd8e41fe20146ed191c7f4bf9283a7
-
SHA512
56fa390dd466b36797986bd4ae5ec01fb4717f191e2a0098885a603786c42bceee0f2917b3c961c0b0478d040ef7b0ecfda8504ab254afa2d7688f9a19ebb08f
-
SSDEEP
3072:vufqM7tExy3nGt1yc0bwEIrn/eufCNzxaR6:mfG/yc0bM/eufCNzxaR6
Static task
static1
Behavioral task
behavioral1
Sample
encrypter-windows-gui-x86.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Program Files (x86)\README.TXT
buran
Targets
-
-
Target
encrypter-windows-gui-x86.exe
-
Size
104KB
-
MD5
bae8e04226ff74f7c40f9bd2e6e3b4ae
-
SHA1
87ca31acfcb12b6eac57e1fd47926be330a11e03
-
SHA256
cc0680de960f3e1b727b61a42e59f9c282bd8e41fe20146ed191c7f4bf9283a7
-
SHA512
56fa390dd466b36797986bd4ae5ec01fb4717f191e2a0098885a603786c42bceee0f2917b3c961c0b0478d040ef7b0ecfda8504ab254afa2d7688f9a19ebb08f
-
SSDEEP
3072:vufqM7tExy3nGt1yc0bwEIrn/eufCNzxaR6:mfG/yc0bM/eufCNzxaR6
Score10/10-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Renames multiple (8928) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-