Resubmissions

01/07/2025, 07:25

250701-h9bw6asry7 10

06/11/2024, 02:31

241106-cztrbstepk 10

General

  • Target

    439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d.zip

  • Size

    10.0MB

  • MD5

    0739c5c628cd9827ad276fcdeab6866d

  • SHA1

    d35da3f4e36eebf36a130bc7e0182fc4c35cf551

  • SHA256

    439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d

  • SHA512

    cbcc268a6ffd1d7da8454d9d19e5dadff2f6b82f7a24c71c600af9a1df43cd94c01189d5e6536058238ee3941cc263ba36b91bebb7cd9a46d2bc7a8af8975a8e

  • SSDEEP

    196608:E41NwEkT12Yfagn1Xii8ag+1LH7oChw7nyHcJQTUqFXPRmehiK1oCu4Wm1sSS:EaNwz26JRxn1oChw7ny8JnIpmecKuchU

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d.zip
    .zip
  • key_gen/key_gen.zip
    .zip
  • main.exe
    .exe windows:4 windows x64 arch:x64

    b6f255793d9218bffb1d265f125394e6


  • ransom.exe
    .exe windows:6 windows x86 arch:x86

    f032b4cc0eb4f2eac3f528efe4c73962


  • rsa.txt
  • key_gen/main.cpp
  • key_gen/main.exe
    .exe windows:4 windows x64 arch:x64

    b6f255793d9218bffb1d265f125394e6


  • key_gen/ransom.exe
    .exe windows:6 windows x86 arch:x86

    cb6abf8f920e409d66e2c6e1dea5c53e


  • key_gen/rsa.txt
  • ransom/Release/ransom.exe
    .exe windows:6 windows x86 arch:x86

    51ff6eea1c2dfc853310904ce154f487


  • ransom/ransom.sln
  • ransom/ransom/Crypto/AES/aes.cpp
  • ransom/ransom/Crypto/AES/aes.h
  • ransom/ransom/Crypto/RSA/bigd.cpp
  • ransom/ransom/Crypto/RSA/bigd.h
  • ransom/ransom/Crypto/RSA/bigdigits.cpp
    .vbs
  • ransom/ransom/Crypto/RSA/bigdigits.h
  • ransom/ransom/Crypto/RSA/bigdtypes.h
  • ransom/ransom/Crypto/RSA/rsa.cpp
  • ransom/ransom/Crypto/RSA/rsa.h
  • ransom/ransom/Cryptographic.cpp
    .js
  • ransom/ransom/Cryptographic.h
  • ransom/ransom/Debug/Cryptographic.obj
  • ransom/ransom/Debug/aes.obj
  • ransom/ransom/Debug/bigd.obj
  • ransom/ransom/Debug/bigdigits.obj
  • ransom/ransom/Debug/ransom.exe.recipe
  • ransom/ransom/Debug/ransom.ilk
  • ransom/ransom/Debug/ransom.log
  • ransom/ransom/Debug/ransom.obj
  • ransom/ransom/Debug/ransom.obj.enc
  • ransom/ransom/Debug/ransom.res
  • ransom/ransom/Debug/ransom.tlog/CL.command.1.tlog
  • ransom/ransom/Debug/ransom.tlog/CL.read.1.tlog
  • ransom/ransom/Debug/ransom.tlog/CL.write.1.tlog
  • ransom/ransom/Debug/ransom.tlog/Cl.items.tlog
  • ransom/ransom/Debug/ransom.tlog/link.command.1.tlog
  • ransom/ransom/Debug/ransom.tlog/link.read.1.tlog
  • ransom/ransom/Debug/ransom.tlog/link.secondary.1.tlog
  • ransom/ransom/Debug/ransom.tlog/link.write.1.tlog
  • ransom/ransom/Debug/ransom.tlog/ransom.lastbuildstate
  • ransom/ransom/Debug/ransom.tlog/rc.command.1.tlog
  • ransom/ransom/Debug/ransom.tlog/rc.read.1.tlog
  • ransom/ransom/Debug/ransom.tlog/rc.write.1.tlog
  • ransom/ransom/Debug/rsa.obj
  • ransom/ransom/Debug/vc143.idb
  • ransom/ransom/Debug/vc143.pdb
  • ransom/ransom/Release/Cryptographic.obj
  • ransom/ransom/Release/aes.obj
  • ransom/ransom/Release/bigd.obj
  • ransom/ransom/Release/bigdigits.obj
  • ransom/ransom/Release/ransom.Build.CppClean.log
  • ransom/ransom/Release/ransom.exe.recipe
  • ransom/ransom/Release/ransom.iobj
  • ransom/ransom/Release/ransom.log
  • ransom/ransom/Release/ransom.obj
  • ransom/ransom/Release/ransom.res
  • ransom/ransom/Release/ransom.tlog/CL.command.1.tlog
  • ransom/ransom/Release/ransom.tlog/CL.read.1.tlog
  • ransom/ransom/Release/ransom.tlog/CL.write.1.tlog
  • ransom/ransom/Release/ransom.tlog/Cl.items.tlog
  • ransom/ransom/Release/ransom.tlog/link.command.1.tlog
  • ransom/ransom/Release/ransom.tlog/link.read.1.tlog
  • ransom/ransom/Release/ransom.tlog/link.secondary.1.tlog
  • ransom/ransom/Release/ransom.tlog/link.write.1.tlog
  • ransom/ransom/Release/ransom.tlog/ransom.lastbuildstate
  • ransom/ransom/Release/ransom.tlog/rc.command.1.tlog
  • ransom/ransom/Release/ransom.tlog/rc.read.1.tlog
  • ransom/ransom/Release/ransom.tlog/rc.write.1.tlog
  • ransom/ransom/Release/rsa.obj
  • ransom/ransom/bitmap1.bmp
  • ransom/ransom/bmp00001.bmp
  • ransom/ransom/ransom.aps
  • ransom/ransom/ransom.cpp
    .js
  • ransom/ransom/ransom.rc
  • ransom/ransom/ransom.vcxproj
    .xml
  • ransom/ransom/ransom.vcxproj.filters
  • ransom/ransom/ransom.vcxproj.user
  • ransom/ransom/resource.h
  • ransom/ransom/x64/Debug/Cryptographic.obj
  • ransom/ransom/x64/Debug/aes.obj
  • ransom/ransom/x64/Debug/bigd.obj
  • ransom/ransom/x64/Debug/bigdigits.obj
  • ransom/ransom/x64/Debug/ransom.log
  • ransom/ransom/x64/Debug/ransom.tlog/CL.command.1.tlog
  • ransom/ransom/x64/Debug/ransom.tlog/CL.read.1.tlog
  • ransom/ransom/x64/Debug/ransom.tlog/CL.write.1.tlog
  • ransom/ransom/x64/Debug/ransom.tlog/ransom.lastbuildstate
  • ransom/ransom/x64/Debug/rsa.obj
  • ransom/ransom/x64/Debug/vc143.idb
  • ransom/ransom/x64/Debug/vc143.pdb
  • ransom/ransom/x64/Release/Cryptographic.obj
  • ransom/ransom/x64/Release/aes.obj
  • ransom/ransom/x64/Release/bigd.obj
  • ransom/ransom/x64/Release/bigdigits.obj
  • ransom/ransom/x64/Release/ransom.Build.CppClean.log
  • ransom/ransom/x64/Release/ransom.log
  • ransom/ransom/x64/Release/ransom.tlog/CL.command.1.tlog
  • ransom/ransom/x64/Release/ransom.tlog/ransom.lastbuildstate
  • ransom/ransom/x64/Release/rsa.obj
  • ransom/ransom/x64/Release/vc143.pdb