General
Target: e_win.bin.exe
Size: 79KB
Sample: 241115-tdh65sxapg
MD5: c8579ccb6690e1f2102f9ba887c12f9e
SHA1: e8e46e3f88011aa43c90cde3c9945e3508986a25
SHA256: 87b9b910d5d5a053e3b39989cc6fd51601abdaea207a26c765f21f43a4cd4dcb
SHA512: f579e9b39400a0b3879dc8a1c41bd829d8f6b399d9d0a97302f7157a76f036ede5e4391eeb12bd2285a7f523969d572a92f482cf415ed2fb023d96d745f82244
SSDEEP: 1536:hxpkWBeG/vEbKsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2Xsf8:/BeQsKsrQLOJgY8Zp8LHD4XWaNH71dLH
Static task: static1
Behavioral task: behavioral1
Sample: e_win.bin.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e_win.bin.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\How To Restore Your Files.txt
Targets
Target: e_win.bin.exe
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Renames multiple (229) files with added filename extension: This suggests ransomware activity, namely encrypting all the files on the system.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.