Analysis of New variant of Ransomware in Development stage

OVERVIEW

This week we spotted a new variant ransomware in the development stage. Currently, it appeared to be testing phase and very less AV vendors flag this sample. We dubbed this ransomware as ‘Target ransomware’. In this post, our team analyzed this ransomware variant.

Sample Details
File Hash (SHA-256):
5aac7c3cbfdef10e36e779a3b331fee0666898587c6a82ed7b0804c6d9fb16cd
File Size: 181248 bytes
PE type: EXE
Packer: UPX packer

Sample

We searched this sample in VirusTotal and it found to be first uploaded from Japan. And no major AV flagged this sample at the time of writing.

Figure 1 Detection rate in VT

Figure 2 First Submission of this sample - from Japan

First Submission detail says that sample was uploaded from Japan it is not sure that whether the sample developed in Japan or targeted in testing phase against Japan. We checked the strings and most of them are junk and not readable. So we need to unpack the ransomware sample first.



Current status

Appends ".ransomwared" extension. Encrypts only "Documents/target.txt" for now. So currently it didn't encrypt any other files in the system.



Comments

Google Plus:

Popular Posts