๐๐๐๐ ๐๐๐ง๐ฌ๐จ๐ฆ๐ฐ๐๐ซ๐: ๐ ๐๐ซ๐จ๐ฐ๐ข๐ง๐ ๐๐ก๐ซ๐๐๐ญ ๐ญ๐จ ๐๐จ๐ซ๐ฉ๐จ๐ซ๐๐ญ๐ ๐๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ
PE32โs ability to encrypt critical files and exfiltrate data threatens organizations in banking, retail, healthcare, manufacturing, and technology. Some of its key functionalities include:
ยท Rapid File Encryption: PE32 targets visible folders like the Desktop, appending a .pe32s extension, and begins encryption after minimal user interaction.
ยท Dual Ransom Demands: Unlike typical ransomware, PE32 employs a two-tier payment model: $700 to $7,000 for file decryption and $10,000 to 2 BTC for preventing data leaks.
ยท Telegram-Based Command and Control (C2): The ransomware uses the Telegram Bot API for communication, with exposed bot tokens making it traceable but no less disruptive.
Its lack of obfuscation and reliance on basic Windows libraries highlight inexperienced authors behind the threat, yet its active development signals growing danger.
Read detailed analysis of this ransomware strain on ANY.RUNโs blog.
๐๐จ๐ฐ ๐๐๐.๐๐๐ ๐๐๐ฅ๐ฉ๐ฌ ๐๐จ๐ฆ๐ฉ๐๐ง๐ข๐๐ฌ ๐๐๐ญ๐๐๐ญ ๐๐ง๐ ๐๐ง๐๐ฅ๐ฒ๐ณ๐ ๐๐๐๐
Using ANY.RUNโs Interactive Sandbox, organizations can analyze PE32 Ransomware in a secure, cloud-based environment. The service simplifies extraction of Indicators of Compromise (IOCs), monitors Telegram-based C2 activity, and maps attack behaviors, enabling faster response and recovery.
๐๐๐จ๐ฎ๐ญ ๐๐๐.๐๐๐
ANY.RUN empowers organizations in banking, manufacturing, telecommunications, healthcare, retail, and technology with cutting-edge malware analysis and threat intelligence. Its cloud-based Interactive Sandbox, paired with advanced tools like TI Lookup and YARA Search, helps businesses analyze threats in under 40 seconds, building resilient cybersecurity operations.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
Twitter