General
Target: ratonClient.exe
Size: 17.3MB
Sample: 250515-mj1j2sem2w
MD5: 9196309183e6ce074637e12c859e25a1
SHA1: 2dcae0550303a56c173d9b9c71e0c212808e4859
SHA256: 2fe94929ee11ba85c1dffc139ba70009e04bc132a2dc5fb9a79ef45183662fe7
SHA512: f05a8e68ef10efe57d59299dba827b65843009162cdcfa42a1f5616cd9870fdcb22fc7442c3ec2e985555df492429ef76fa236e55d0c72dfbb49895b1a97f5ba
SSDEEP: 196608:81BEy1ZOR6QqOyjr2LF3Ye6YmnwqdU142UaxAIZJ6yp:8gbR1cjSLFoBYmn5U1PAIZf
Static task: static1
Behavioral task: behavioral1
Sample: ratonClient.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: ratonClient.exe
Score: 9/10

Renames multiple (142) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Sets desktop wallpaper using registry