birch_ragnarlocker.exe

Status: finished

Submission Time: 2020-08-01 04:10:10 +02:00

Malicious

Ransomware

Evader

RagnarLocker

Comments

Details

Analysis ID:
255506
API (Web) ID:
406550
Analysis Started:

2020-08-01 04:10:10 +02:00
Analysis Finished:

2020-08-01 04:18:48 +02:00
MD5:
3dabfb99101821ae0e89389a9c9d28a5
SHA1:
72b19c503a642770945355ea0dce96bf9d735f81
SHA256:
1602d04000a8c7221ed0d97d79f3157303e209d4640d31b8566dd52c2b09d033
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name	Detection
http://p6o7m73ujalhgkiv.onion/2020/03/18/leaks-from-communicate-giant/
http://rgngerzxui2kizq6h5ekefneizmn54n4bcjjthyvdir22orayuya5zad.onion/client/?6C3B93D0480953d13302f1
http://prnt.sc/sflk1s
Click to see the 4 hidden entries
http://prnt.sc/sflkc8
http://prnt.sc/sflkn2
https://torproject.org
https://prnt.sc/sfle2v

Dropped files

Name	File Type	Hashes
C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui	Unknown	#
Click to see the 97 hidden entries
C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\jpn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msyh_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msjhn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msjh_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\meiryon_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\meiryo_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\malgunn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\malgun_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\kor_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\cht_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\chs_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\BOOTSTAT.DAT	Unknown	#
C:\EFI\Boot\bootx64.efi	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segmono_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\wgl4_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segoen_slboot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\segoe_slboot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\msyhn_boot.ttf	Unknown	#
C:\EFI\Microsoft\Boot\ko-KR\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\it-IT\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\hu-HU\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\ja-JP\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\hr-HR\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\lt-LT\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\lv-LV\RGNR_467DC3B5.txt	Unknown	#
C:\$RECYCLE.BIN\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\boot.stl	Unknown	#
C:\$RECYCLE.BIN\S-1-5-21-3853321935-2125563209-4053062332-1002\RGNR_467DC3B5.txt	Unknown	#
C:\$RECYCLE.BIN\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini	Unknown	#
C:\$RECYCLE.BIN\desktop.ini	Unknown	#
C:\Config.Msi\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Boot\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\Fonts\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\en-US\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\Resources\en-US\bootres.dll.mui	Unknown	#
C:\EFI\Microsoft\Boot\bg-BG\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\fr-FR\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\cs-CZ\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\da-DK\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\de-DE\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\el-GR\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\en-GB\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\en-US\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\es-ES\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\es-MX\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\et-EE\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\fi-FI\RGNR_467DC3B5.txt	Unknown	#
C:\EFI\Microsoft\Boot\fr-CA\RGNR_467DC3B5.txt	Unknown	#

birch_ragnarlocker.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

URLs

Dropped files

birch_ragnarlocker.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

URLs

Dropped files

Search started

birch_ragnarlocker.exe