hakbit

General

Target

client.exe
Size

61KB
Sample

200512-e1ctv8a86n
MD5

b8edb3062e489a16fd49868c18731a55
SHA1

018a392975a8731735ef709e6418e5af19db3756
SHA256

f0c0c989b018ee24cbd7548cec4e345fd34f491d350983fddb5ddc1ad1f4ba9f
SHA512

6793968fab16a332217cff0a876a6e1355859b4dabb93a6362eec3412d029d7c7e3c957e136dfaa1f984527710cdef01abc27072f66ba45ded6758471a04fa12

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt

Family

hakbit

Ransom Note

!!! WARNING !!! WARNING !!! WARNING !!! Where are my files? We have them safely cyphered. You want them back? Contact: servocrypt@tutanota.com Telegram Messenger : @CRYPTOMAB Key Identifier: BWmVcy4HiLlA42hfFL4WyIgHzYq76MCNXrjvKMDE3Pjbz1UfszKSjghUXMbOtRzv86zZfPzDL5EMabfvLZEHCNnTC3eVpTEMYg0h5PLjrrKjjmM9Rgt/fvQTLN8UbVNz+vPsCIZ7JzVoyow0cFQHSova4Gia+i1BOrBc7M7MSttYN1L5IKNqDDz0GoaQ28gFCMGduC2nAef9uJIaYEt/ewU/yOP5WWyGZuYYSmBH2OyeBw5rM347VBPYi0rE/Mw32BX36Pm7gRH3R5HBDNcxnwMIeX+aD77YhtT4KjcsLnZ1W7XDBO7V0mBxUSAp7cPUJo5oljUcasYveMBA2NuJlQ== Number of files that you could have potentially lost forever can be as high as: 70

Emails

Contact: servocrypt@tutanota.com

Targets

- Target
  
  client.exe
- Size
  
  61KB
- MD5
  
  b8edb3062e489a16fd49868c18731a55
- SHA1
  
  018a392975a8731735ef709e6418e5af19db3756
- SHA256
  
  f0c0c989b018ee24cbd7548cec4e345fd34f491d350983fddb5ddc1ad1f4ba9f
- SHA512
  
  6793968fab16a332217cff0a876a6e1355859b4dabb93a6362eec3412d029d7c7e3c957e136dfaa1f984527710cdef01abc27072f66ba45ded6758471a04fa12
Score

10^/10

ransomware persistence spyware hakbit
- Hakbit
  Ransomware which encrypts files using AES, first seen in November 2019.
  ransomware hakbit
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies service
  persistence
behavioral1