General

  • Target

  • Size

    157KB

  • MD5

    b488bdeeaeda94a273e4746db0082841

  • SHA1

    5dac89d5ecc2794b3fc084416a78c965c2be0d2a

  • SHA256

    139a7d6656feebe539b2cb94b0729602f6218f54fb5b7531b58cfe040f180548

  • SHA512

    2b62f0e0b017ed3d2dc7103d2020604f15f95449ba842bba18f886f9e1dcc977c459c53d1e6e7abfe6b99fc3dde24f5cc7a848c92443d1daf3574ef6f0263284

Score
10/10

Malware Config

Extracted

Family

sodinokibi

C2

Attributes
  • pid

    10

  • ransom_oneliner

    Your files are encrypted! Open {EXT}.info.txt!

  • ransom_template

    Hello dear friend! Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process. All encrypted files have got {EXT} extension. Instructions into the TOR network ----------------------------- Install TOR browser from https://torproject.org/ Visit the following link: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} Instructions into WWW (The following link can not be in work state, if true, use TOR above): ----------------------------- Visit the following link: http://decryptor.top/{UID} Page will ask you for the key, here it is: {KEY}

  • sub

    7

Signatures

Files

  • 139a7d6656feebe539b2cb94b0729602f6218f54fb5b7531b58cfe040f180548
    .exe windows x86