General
-
Target
7f6dbd9fa0cb7ba2487464c824b6d7e16ace9d4cd15e4452df4c9a9fd6bd1907
-
Size
175KB
-
Sample
220411-tb7fysahe5
-
MD5
f746ea39c0c5ff9d0a1f2d250170ad80
-
SHA1
dac28369f5a4436b2556f9b4f875e78d5c233edb
-
SHA256
7f6dbd9fa0cb7ba2487464c824b6d7e16ace9d4cd15e4452df4c9a9fd6bd1907
-
SHA512
dffb4eaa4119df790eb6b85ae341ee2ba4438d7983d0023320f19a4f2df201a3fc3d4d3cc4f1a67c6d1cad4809ac1b914bdad584da7df1b500354386f07fbc30
Static task
static1
Behavioral task
behavioral1
Sample
7f6dbd9fa0cb7ba2487464c824b6d7e16ace9d4cd15e4452df4c9a9fd6bd1907.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
7f6dbd9fa0cb7ba2487464c824b6d7e16ace9d4cd15e4452df4c9a9fd6bd1907.exe
Resource
win10v2004-20220331-en
Malware Config
Extracted
C:\R3ADM3.txt
network_battalion_0065@riseup.net
Targets
-
Target
7f6dbd9fa0cb7ba2487464c824b6d7e16ace9d4cd15e4452df4c9a9fd6bd1907
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-