garrantydecrypt

General

Target

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe
Size

12KB
Sample

200504-6r5nmgfcka
MD5

4a7378c7ef7a9b72aa2b38019aa6fcdc
SHA1

7e19a75d8a91fa2e4e6e7519609eb8c300a8a030
SHA256

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3
SHA512

8eb4cfcd03315f5984ee6909cd33b3086227e610d78d24dd32525a421a92b440fe012f2b5403dbc10be8db875fa5db83731786578395fef44dde8394ec219441

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-910373003-3952921535-3480519689-1000\!read_me!.txt

Family

garrantydecrypt

Ransom Note

Do you want to return your files? Write to our email: [email protected] [email protected] Or contact us via jabber [email protected] Jabber (Pidgin) client installation instructions, you can find on youtube https://www.youtube.com/results?search_query=pidgin+jabber+install ICQ: @azor2020 !!!Any of your attempts to return files will result in complete loss of the database!!! tell your unique ID bRBOhcDKjvNnsUX4fhoXejTFlhkJDcvGiWyzB9mpzBr4lQotIY0P8jQT/y7S2o9SVFqe2+bFo/JyyvAjRHU2Lvjtgfs6sskfSP7+4GcHRLJmzA0ffVMQM4SeRfiO1YxFmG+EhxPOa9pdCEKkpNzvaTV0w7LGfzMyr/HKZIUEvP5PQEBqJbI0BkiJlun3z6WV1KeMAXmuVbW/yA+SP6kkr5HSaHe0CW19Vp+Kwg9yPVGY/4zoLY4KNa5kHahA/xbTUZSRpJ+PbqPRUiqPj7UJWOqnhyQawYrY5SMpOYAqtcgLkDAq1jBKqcvYnpGtQXwytWrw2E9zt+YOEPZx9cvKpNLu1yYCFsI0hUR546sT52a3T5wLRMqjRCA44r8OdWC48RGG+c0ugovhVNfRrpZTJTNSjrNAYahNYIvq7CGXquvSmwoVIz+rQ4y0Ygqh/QNziQC90bS2L3Xn7f+2XyfxjLarLQCXUNsHDrYMxmDene7CfNdwMGG5uvcgclqzXqKIwNNhxjJIub4dOeAxidXnBRfSO9mW/2gBOttlOMLODfHYDJb5SlrArP7AHs95yOmzIPGVm1Qje6EX+POlU9PaHHX5st91VRrXuuBWhk1QEddBU6uU0MsNMruhUnPM8GZPFfwMtcxT9rMiHoG2aIj8O9ea2Ah0wEOMmTB8b+ahQWzkHeqGljexCVGvdaSXZPnGtWxZTnvicomJX7u6ScwLEnxNoFDBMXCf3temhkgzrbDoBGBpWP/rZHv4q9cMUgFvYBLP/F8PObSc+GLvPHXIeYKFlbjy4xlyZcNOQxkLhSdGKG/ei/VW6mI8az38J75Geg5Uxhk6vnOBzYbvK0+Tbg7NbCDjPo1mfTT06nVnFq0aBNjVrdt1XVCb9RfVRu0FDXYX7pP7K7M6z10uH+moRKV1Dm422E+djGh/ybkU/hnZiWOgxQcsz38kzjmAu0bRYvFvOJ4cYrAqhryFe1QYiW2wPjYXeiNRR6RpAfBdomJQupsrVLiZK8T9PXFWD1wIB9SPLJ/j2NLloNvLl2ULFmepTu68qM7tKtGkEDqfiD4wFL5Z6/jvvZVWqrcKaCrBFjCQPj/o8xXlDODFtKDHM/BGwbJnU8YfEGBpf0xiAwLs2VWW3c2xYNeZ2UUY7OvV9Nr34moAynebcffvFUhd/kNJCurHDZFik2c8wSdfXHaqaytLO9SQxqXmnU9z4HKJ2Wxq7OUF3cOJRCOQsaMtd8wzKCBQrYnKB6mqWawMNXBlZVyHBwUre7vkSlU6lFWBKqLu2FSAbPa0QUEg41LEe5Wi9yQ7p3MTol+B0Pb+aHPCWZxDJ731GZGIE6LgHUEMi6lPsFBaBT4LF4ytaKqsZA==

Emails

[email protected]

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-1231583446-2617009595-2137880041-1000\!read_me!.txt

Family

garrantydecrypt

Ransom Note

Do you want to return your files? Write to our email: [email protected] [email protected] Or contact us via jabber [email protected] Jabber (Pidgin) client installation instructions, you can find on youtube https://www.youtube.com/results?search_query=pidgin+jabber+install ICQ: @azor2020 !!!Any of your attempts to return files will result in complete loss of the database!!! tell your unique ID RB3Vw6N+wzycFELtbbqS0OibTLenhMcPyO+m/uLNleUf6iUSAs4RytgBeU2goZiIl74gHPg0QBTJFOnmWMJ69lGa7vwJPdk5Q6kfMWsmURe6dYEnlF36Zmxg22CGQRZho064AQn5TZ1k8Q3UQuhLWwRdQxdJ2IJYmEviG9NQR0qwZ8oGYbI1Ys7KCURQP5daiW54OjyZ3TgJ9bW5GYw7MoYiAFcrme+0TRx+mxncJQXM4cdwiElMuXXkSbDxdo5OYGTPuWa20AmPwwN+2VoUrQ/NQqUw9Cqsxy597TMZpOwMYQ8Wq6liSo+6XuS1NmCh5yrnp2sujNsxbMsLS1lhvEiYxJ1Sjh2+WXi8UYCcOIKwGO0nve70NtTIiE5NEAEry81wmnfZn3B24tVzlZwiG79TYC6FiPlG3qA0njuMeYLdx7mLyGEVCpwv2bPUVJ4UQF+taqh33e1TT/99AIE4ZqG9q5CxQX76b31t3GMZBJoubwry85DIirqQstSZLZznHJUGUC+nW7OrGxvcCVvng9fnYFlQkNq58+Kk5QBp51Xt8lqVM/AKonU8QFUoCaNft1x1mK1b7x5vNJ/rmW2ktQmjGMylVhvoDi7awSA8k1+Zqt0rMorXWnPenxs+cqy9pynhBflqkYS0HEu9CsoEPl04bitbarPhf/WkP95Du5hWKS9L3UxFGS25aDXiUG8t4lZuDGAHi0juNQM+Xjo2xT7kL8H2pN5ta59tqB5Il3U0i2eGIafoPe35/9c2LdFXgkDvFFfuiXrvSvJ7TDBBKaKVtsyM5NsbnoYsIJDUCTQNjDA8lh3DOnkVLcODSKrmG/98zd9oN7kKk8bBJapbsAuHe0cMP70o60UWTubPc14VFogKZdJVwASrDB2jei0jV4+Q7Xn+86Ug3KdYqvInZ33W1ONK0LfeilkMea5Gi/BGcauXUt19lX/hV+kulmYnVvHeJJL7f/5GgWrTz4u89gjvUP4iY/DdbXOx6LM6eLmbT7jVQip+TFMy/FiNybolAR0UfbaSRHGYS6lDqdLMNkRuXQKKs1fDPRBmFZ+jGKF7/4I1LQkotACEOOKNcSEtDqiTdWL4v7tsHHLr/GpNLJDfa8EDrxz2edBbK4BIxxp1ttLpbHU6KnONA+2Hd0cTo0wNYk/fw+Ydl0QU0EDxnJ49JQCxBzf7MALZkGkp9miAlBjfE69PhV+w719z2uHHgivbah0L0Za7M0dtq7wvVDEocPjyUB/g5qeyKdMc4rsjNNKw7FNPGu2pRVSRssoPQJMruDWlCR+NntgACp5ntadHjLifdorOC10JhxaaKVr/v9F2cMrtnWU+Z405mj9fMtW2A2KFDHPpCF3odPbsgQ==

Emails

[email protected]

Targets

- Target
  
  b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe
- Size
  
  12KB
- MD5
  
  4a7378c7ef7a9b72aa2b38019aa6fcdc
- SHA1
  
  7e19a75d8a91fa2e4e6e7519609eb8c300a8a030
- SHA256
  
  b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3
- SHA512
  
  8eb4cfcd03315f5984ee6909cd33b3086227e610d78d24dd32525a421a92b440fe012f2b5403dbc10be8db875fa5db83731786578395fef44dde8394ec219441
Score

10^/10

ransomware evasion garrantydecrypt persistence spyware
- GarrantyDecrypt
  Ransomware family first detected in late 2018.
  ransomware garrantydecrypt
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2