
CWT_company_ragnar_locker.exe

Status: finished
Submission Time: 2020-07-30 13:01:30 +02:00
Malicious
Ransomware
Evader

Tags

  • company
  • cwt
  • locker
  • ragnar

Details

  • Analysis ID: 254277
  • API (Web) ID: 403901
  • Analysis Started: 2020-07-30 17:36:09 +02:00
  • Analysis Finished: 2020-07-30 17:43:45 +02:00
  • MD5: 574f3513f6d7e15f102e82e4d35bf164
  • SHA1: f7a38385fe41bcd154fc7b6da034bfe719d6a0a7
  • SHA256: 04c9cc0d1577d5ee54a4e2d4dd12f17011d13703cdd0e6efd46718d14fd9aa87
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

  • http://p6o7m73ujalhgkiv.onion/?BatxqaHm8rKxIP16Z1xB
  • http://rgngerzxui2kizq6h5ekefneizmn54n4bcjjthyvdir22orayuya5zad.onion/client/?bC2aAD71E2976da53FC1Ef
  • https://prnt.sc/tnzooz
  • https://prnt.sc/to2qlx
  • http://prnt.sc/to2rab
  • https://prnt.sc/to2kqq
  • https://prnt.sc/to2lbp
  • https://prnt.sc/tnzqxf
  • http://prntscr.com/to31n0
  • https://torproject.org

Dropped files
