edp_ragnarlocker.exe

Status: finished

Submission Time: 2020-08-01 04:09:05 +02:00

Malicious

Ransomware

Spyware

Evader

RagnarLocker

Comments

Details

Analysis ID:
255505
API (Web) ID:
406548
Analysis Started:

2020-08-01 04:09:06 +02:00
Analysis Finished:

2020-08-01 04:18:18 +02:00
MD5:
3ca359f5085bb96a7950d4735b089ffe
SHA1:
60747604d54a18c4e4dc1a2c209e77a793e64dde
SHA256:
7af61ce420051640c50b0e73e718dd8c55dddfcb58917a3bead9d3ece2f3e929
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 92	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name	Detection
http://p6o7m73ujalhgkiv.onion/?p=171
http://p6o7m73ujalhgkiv.onion/?page_id=171
http://mykgoj7uvqtgl367.onion/client/?6bECA2b2AFFfBC1Dff0aa0EaaAd468bec0903b5e4Ea58ecde3C264bC55c738
Click to see the 1 hidden entries
https://torproject.org

Dropped files

Name	File Type	Hashes
C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui	Unknown	#
Click to see the 97 hidden entries
C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\meiryo_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\wgl4_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segoen_slboot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segoe_slboot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segmono_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msyhn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msyh_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msjhn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msjh_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\meiryon_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\malgunn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\malgun_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\kor_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\jpn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\cht_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\chs_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\memtest.efi	Unknown	#
C:\EFI\Microsoft\Boot\BOOTSTAT.DAT	Unknown	#
C:\EFI\Boot\bootx64.efi	Unknown	#
C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\lv-LV\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\nb-NO\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\RGNR_40708634.txt	Unknown	#
C:\Config.Msi\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\RGNR_40708634.txt	Unknown	#
C:\EFI\Boot\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\en-US\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\en-US\bootres.dll.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\boot.stl	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\en-US\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\RGNR_40708634.txt	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\RGNR_40708634.txt	Unknown	#

edp_ragnarlocker.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

URLs

Dropped files

edp_ragnarlocker.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

URLs

Dropped files

Search started

edp_ragnarlocker.exe