Analysis of a New Ransomware Variant in the Development Stage
This week we spotted a new ransomware variant in the development stage. It currently appears to be in a testing phase, and very few AV vendors flag this sample. We dubbed this ransomware ‘Target ransomware’. In this post, our team analyzes this ransomware variant.
File Hash (SHA-256):
File Size: 181248 bytes
PE type: EXE
Packer: UPX packer
We searched for this sample on VirusTotal and found that it was first uploaded from Japan. No major AV flagged this sample at the time of writing.
Figure 1 Detection rate in VT
Figure 2 First Submission of this sample - from Japan
The first-submission detail says that the sample was uploaded from Japan; it is not clear whether the sample was developed in Japan or is being tested against Japan. We checked the strings, and most of them are junk and not readable, so we need to unpack the ransomware sample first.
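A static check that a PE file shows the usual UPX layout, which is why its strings are unreadable before unpacking. This is an added example, not code from the original analysis; the function names, the 7.0 entropy threshold and the constructed header-only sample are assumptions made for illustration.

```python
import math
import struct

def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size, raw_offset) from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsect):
        name, vsize, _va, rsize, roff = struct.unpack_from("<8sIIII", data, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, rsize, roff

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    counts = [buf.count(b) for b in set(buf)]
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts)

def upx_triage(data: bytes, high_entropy: float = 7.0) -> dict:
    """Collect static signs of UPX packing; the 7.0 threshold is an assumption."""
    report = {"upx_sections": [], "empty_on_disk": [], "high_entropy": []}
    for name, vsize, rsize, roff in pe_sections(data):
        if name.startswith("UPX"):
            report["upx_sections"].append(name)
        if rsize == 0 and vsize > 0:      # filled in by the unpacking stub at run time
            report["empty_on_disk"].append(name)
        elif entropy(data[roff:roff + rsize]) >= high_entropy:
            report["high_entropy"].append(name)
    report["likely_upx"] = bool(report["upx_sections"])
    return report

def constructed_sample() -> bytes:
    """Constructed header-only stand-in for a UPX-packed EXE, not the analysed sample."""
    def sect(name, vsize, va, rsize, roff):
        return struct.pack("<8sIIII", name, vsize, va, rsize, roff) + b"\0" * 16
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr = dos + coff + sect(b"UPX0", 0x8000, 0x1000, 0, 0) + sect(b"UPX1", 0x4000, 0x9000, 0x100, 0x200)
    return hdr.ljust(0x200, b"\0") + bytes(range(256))       # 256 distinct bytes: entropy 8.0

if __name__ == "__main__":
    print(upx_triage(constructed_sample()))
```

Section names can be changed after packing, so treat the name match as a hint and the pairing of an empty-on-disk section with a high-entropy one as the more durable signal.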
It appends the ".ransomwared" extension. For now it encrypts only "Documents/target.txt", so it currently does not encrypt any other files on the system.