General
Target: 4803666962055168.zip
Size: 623KB
Sample: 201126-vd6l9pfy2n
MD5: 629734a78995ca6f641cb616911ae6e6
SHA1: 6cf386bd485fd7b6f43593b19bb925c742743d5d
SHA256: 9c3337e7502acba72dc28d5f94ad017092401b8348fa9be1ef6ba2e928776257
SHA512: 077b11074c007ecae5cfd1b36cbb6871128fdb3bfd6a1599e9534b68e3ab8ebf35cf509069adf9fc19f1c29a947803e1da749e8fd0531fb33a84bd14650939bb
Static task: static1
Behavioral task: behavioral1
  Sample: 30303b663e0b7b9824cc59298b36f824b607b4fb85de53af6aac3a023d895513.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 30303b663e0b7b9824cc59298b36f824b607b4fb85de53af6aac3a023d895513.exe
  Resource: win10v20201028
Malware Config
Targets
Target: 30303b663e0b7b9824cc59298b36f824b607b4fb85de53af6aac3a023d895513
Size: 710KB
MD5: a7d58a3a9f2ff3e1fefd69ed12cceeb1
SHA1: 2fb79bef67a697450313f3d13ef121f9e6bd96a8
SHA256: 30303b663e0b7b9824cc59298b36f824b607b4fb85de53af6aac3a023d895513
SHA512: d22f6acf66fa9e2f97026f934a782175c61de393ee5a21c3e94c337939dc33dd39f104a1cde445d034abb29846b0577b3804762f45abdec554cd4f2d8e95ae25
Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Stops running service(s)
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext