Analysis of a New Ransomware Variant in the Development Stage


This week we spotted a new ransomware variant in the development stage. It currently appears to be in a testing phase, and very few AV vendors flag this sample. We dubbed this ransomware ‘Target ransomware’. In this post, our team analyzes this ransomware variant.

Sample Details
File Hash (SHA-256):
File Size: 181248 bytes
PE type: EXE
Packer: UPX packer


We searched for this sample on VirusTotal and found that it was first uploaded from Japan. No major AV flagged this sample at the time of writing.

Figure 1 Detection rate in VT

Figure 2 First Submission of this sample - from Japan

The first-submission detail says that the sample was uploaded from Japan; it is not certain whether the sample was developed in Japan or was aimed at Japan during its testing phase. We checked the strings, and most of them are junk and not readable, so we need to unpack the ransomware sample first.
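A quick static check for the UPX packing noted above, as an added example (not code from the original analysis): it parses the PE section table and looks for `UPX0`/`UPX1` section names, a section with no raw data, and the `UPX!` marker. The header-only byte strings built by `build_sample` are constructed test inputs, not the sample itself, and the two-of-three threshold is an assumption of this example.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # after optional header
    sections = []
    for i in range(n_sections):
        off = table + 40 * i                                # 40-byte section header
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections

def upx_indicators(data: bytes):
    secs = pe_sections(data)
    return {
        "upx_section_names": sorted(n for n, _, _ in secs if n.startswith("UPX")),
        # UPX0 is the unpack target: it occupies memory but holds no file data
        "empty_raw_section": any(r == 0 and v > 0 for _, v, r in secs),
        "upx_magic": b"UPX!" in data,
    }

def looks_upx_packed(data: bytes) -> bool:
    # Heuristic: section names can be renamed, so require any two indicators
    return sum(bool(v) for v in upx_indicators(data).values()) >= 2

def build_sample(specs, marker=b""):
    """Constructed input: PE headers only, not a runnable program."""
    pe_off, opt_size = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x102)
    table = b"".join(n.ljust(8, b"\0") + struct.pack("<IIII", vs, 0x1000, rs, 0)
                     + b"\0" * 16 for n, vs, rs in specs)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + marker

PACKED = build_sample([(b"UPX0", 0x20000, 0), (b"UPX1", 0x2C000, 0x2B200),
                       (b".rsrc", 0x1000, 0x800)], b"UPX!")
PLAIN = build_sample([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(blob), looks_upx_packed(blob))
```

When the indicators match an unmodified UPX stub, the stock `upx -d` normally restores the original image for string and import analysis; if the headers were altered, unpacking has to be done another way.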

Current status

Appends the ".ransomwared" extension. Encrypts only "Documents/target.txt" for now, so currently it does not encrypt any other files on the system.

