Overview

overview

10

Static

static

ransom.bin.exe

windows7_x64

10

ransom.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ransom.bin.zip

  • Size

    75KB

  • Sample

    200531-wy8mh37tsj

  • MD5

    f0d69201c689161ce0ee2836510a7d7a

  • SHA1

    5e6ba7faf1859be89d1876b7c25eb2b2ccd6d722

  • SHA256

    36bbb22a967bc33031ccd6502f2163cc7e4c2460c462880e150e2470e9b6c2b6

  • SHA512

    99537c6142b00d22460123415cbd915120da9b8177985589d7065303fd378ce77ae3760a6e5653bbaa96e4b82d4b2fb71ea5abdc3800bd3ca20f617e35d17221

Score
10/10
persistenceransomware

Malware Config

Extracted

Path

C:\Users\Admin\ReadMe.txt

Ransom Note
What happend for my computer? All your files are encrypted due a security issue in your computer. What should i do? You have 48 hours to email us.Otherwise, the decryption price will increase or become impossible. Your email must contain your unique id and the unique key. your unique id is 7CA96E25 your unique key is lpT6xs/T+Zq0oYiLS2jjlUOifOZ5ojRhxH/Hx1W0Z4W4sO14SvNwla8/sh3zoTH09fYFmYwpUreQE0jZP7wGCsEVVmf939uzvwo1qleBRp3h5ELef1ednrDCdqxfUJntx9p62FxTk9uADlkuWeaZMEpyPoCa4xlXDe9AOFz2ccUpFkkrJ4+pOK8wM4JUx4Nr1hRbpF26jt79kOfAECr/THKVm47oiVIg+ANrGEGaRWTy1gE5HsZxxqjqdrDGcGnOol0A6oFdbIZ8z+mDwe9o1KD3VOzdlHFfxJ5tBuz5Gd6Xn0vMZcQnqLn5hi6q4bA7tkcfF/KqOyHzUP5JpIQ33KXmC82IYt+S/jzjEUhsV6URTGKEkP2KwQvcSrIdsPzGK7SVTcNiMmT4vMHdOXptRXIk8o2geiliuWdl1+9pJ2NC3CelH29gNPcgeSj2uiHuLOciRNHPOqRNrNYGgfU9JqZaMWfYyVI1jdNUPgneLC+kXyL7at3SGvDgoobNMvOwsBX0PK3yrxH5MAFuKSyglkgeKlKwsV+783GkO3QLCsHjYqaZfunsaxlG2SNitw+HvRmjEBYHwLk9LlopnCUCv3FjpKNTW5chMotImS0zjnZlgw96hZEC+wirdxFlyr+D9UVbUwpEoxFuE/KIQ7W+wI4FcalUO/tktSzRnOv08Cc= Email Address: [email protected] If you didn't recive any response till 24 hours,Send email to this address: [email protected] What is our guarantee? We decrypt two files for you Free to be sure that we are able to recover your files.

Extracted

Path

C:\Users\Admin\ReadMe.txt

Ransom Note
What happend for my computer? All your files are encrypted due a security issue in your computer. What should i do? You have 48 hours to email us.Otherwise, the decryption price will increase or become impossible. Your email must contain your unique id and the unique key. your unique id is 949CEBC7 your unique key is SLBbNILq7LG+MNH/A/FvB34mMLoaUmcUIQDn/vlLvZtFDLiyRhFUZjM6AhgkyT7TuwFQBz75OCqXBOx5xcr+sfgCTmGtVGKoAfUFMkmn/j670b6RZWhMWwiyp33BTA58h3aRX6p4ae0D1dSuM9UF8cWmp+p3icjfB1vD6+dJQm3E8cefyJz+VvgNSaLYQarI+7PpiugFsvi0KnPHQuw4+rWu2+11kz0hI2/vSacDCkaCOu9vDB9379rTIRDZ+5EAmdqBU5+8EePwc5+klwnKGPeqKAAuSDvYH9kPC+eSk7/zcT4IWCTKsdIpKfTDfBGTk+fkxYEpNUr2/iwzN2JFUNohLInVF7qveGGZNtATEfG297tXvQz/RxGAFEnVePjS801r67CeaFeAfSH+i9rdOjlA3hPuKqykQ/yPYQpChaDcfKH3R+mFZRAa2Gyt0ii6tQCDuSwFfD80b+6P/yEzazcUm4aAoFdp59+kxDde6K/EwqZ48OPP3HWore9CwDR8J2LVb/9MF+z7ydLO82cODbqBeTOygB/t7DAuWI3ySyGa4CX/nQ78+MVZSsgPEKCco7Sg4Z1g1BMACwRP9lPaFsyyVOA7b+E+hUbIlDdobqSvhPBYmeil5XE9lgxJzwHkIZz/a4lI5ldCzMnTmzT4clWiwrwy1i7aexsIqR3aWkA= Email Address: [email protected] If you didn't recive any response till 24 hours,Send email to this address: [email protected] What is our guarantee? We decrypt two files for you Free to be sure that we are able to recover your files.

Targets

    • Target

      ransom.bin

    • Size

      82KB

    • MD5

      50a8eaf7e9aacf554862a4dd4a44f70f

    • SHA1

      81fce02871932bbc6811fb955471ff90b5f29190

    • SHA256

      adc2f5649973f922dc8294df91c63303870178c8a6839c1a9e8c9e4c4516bfd0

    • SHA512

      416e15f6dc1e25c867011a90645775c6a30add95578082b19950641e28a22bd8c049b5f8c02d5d7514e6b5db0e646e91995b09ea3a58ab7bce9726e60a9f2cf4

    Score
    10/10
    ransomwarepersistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks