General

  • Target

    client.exe

  • Size

    61KB

  • Sample

    200512-e1ctv8a86n

  • MD5

    b8edb3062e489a16fd49868c18731a55

  • SHA1

    018a392975a8731735ef709e6418e5af19db3756

  • SHA256

    f0c0c989b018ee24cbd7548cec4e345fd34f491d350983fddb5ddc1ad1f4ba9f

  • SHA512

    6793968fab16a332217cff0a876a6e1355859b4dabb93a6362eec3412d029d7c7e3c957e136dfaa1f984527710cdef01abc27072f66ba45ded6758471a04fa12

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt

Family

hakbit

Ransom Note
!!! WARNING !!! WARNING !!! WARNING !!! Where are my files? We have them safely cyphered. You want them back? Contact: [email protected] Telegram Messenger : @CRYPTOMAB Key Identifier: BWmVcy4HiLlA42hfFL4WyIgHzYq76MCNXrjvKMDE3Pjbz1UfszKSjghUXMbOtRzv86zZfPzDL5EMabfvLZEHCNnTC3eVpTEMYg0h5PLjrrKjjmM9Rgt/fvQTLN8UbVNz+vPsCIZ7JzVoyow0cFQHSova4Gia+i1BOrBc7M7MSttYN1L5IKNqDDz0GoaQ28gFCMGduC2nAef9uJIaYEt/ewU/yOP5WWyGZuYYSmBH2OyeBw5rM347VBPYi0rE/Mw32BX36Pm7gRH3R5HBDNcxnwMIeX+aD77YhtT4KjcsLnZ1W7XDBO7V0mBxUSAp7cPUJo5oljUcasYveMBA2NuJlQ== Number of files that you could have potentially lost forever can be as high as: 70
Emails

Targets

    • Target

      client.exe

    • Size

      61KB

    • MD5

      b8edb3062e489a16fd49868c18731a55

    • SHA1

      018a392975a8731735ef709e6418e5af19db3756

    • SHA256

      f0c0c989b018ee24cbd7548cec4e345fd34f491d350983fddb5ddc1ad1f4ba9f

    • SHA512

      6793968fab16a332217cff0a876a6e1355859b4dabb93a6362eec3412d029d7c7e3c957e136dfaa1f984527710cdef01abc27072f66ba45ded6758471a04fa12

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks