General
Target: 1a54a44791801f12bf597282ee4f296834f6c1c128464f4ba0ad470be343fbbc.exe
Size: 270KB
Sample: 250105-pwcpvswphr
MD5: 2eccc71416422af47b5969cc0ac64642
SHA1: c0aaa01ed6d08c19df613913de1cce8c54c66461
SHA256: a9f4afd73b873c926a383915a44b84fa903897427ed8393dd9243b68265de6c0
SHA512: 22aaba3a9b65b306116c15b4d54bfd4ec238da439023599f3f2be637d6d99fb833121de14c55daad4fc1006b22b054523ab1bb011ec45ae618bd46ce71556e48
SSDEEP: 6144:XEohG/el4VQg/U+Dgx3bMAVVzddi6jWGPxF:XEoPlK53DgZMSVFjW0x
Static task: static1
Behavioral task: behavioral1
Sample: 1a54a44791801f12bf597282ee4f296834f6c1c128464f4ba0ad470be343fbbc.exe
Resource: win11-20241007-en
Malware Config (extracted)
C:\Users\Admin\Data breach warning.txt
https://qtox.github.io
http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
http://161.35.200.18
https://gofile.io/d/ufuFye
Targets
Score: 10/10
RA World
RA World ransomware, also known as RA Group, is a crypto-ransomware variant that has evolved from the earlier Babuk ransomware. It emerged in April 2023.
Signatures
- Raworld family
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Renames multiple (187) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.