General

  • Target

    c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin

  • Size

    69KB

  • Sample

    200603-2bhkp3agw6

  • MD5

    945a97ecbc3ef0845a3156c55e7b4092

  • SHA1

    f1a02467fbe897a44da3604185be03cd51461b55

  • SHA256

    c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013

  • SHA512

    80cb194761b181fe0e0c0bec1f70bc8e6839e05ab9e89ca1d437fc442d8fddf025afe39bae65606ad7eedc0aaf22999353823db83611c76a29c51f8718130813

Score
10/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-910373003-3952921535-3480519689-1000\WYFQSG-HOW-TO-FIX.TXT

Ransom Note
Hello. Some of your files have been encrypted with the .wYFqSG file extension. in order to decrypt them, please contact us via https://licky.org. how to set up a licky account: open "https://licky.org" in a web browser (Google prefered) then click "Sign up here" and create a username and password. After that, you should be in. At the top it should say "Enter a username#0000" type in: Hacker47817628648971#4166 an "Error" message should pop up, ignore it! we will get back to you sometime later. if no answer in week email us:[email protected] PLEASE AFTER CONTACT MADE UNLESS EMAIL - PASTE YOUR "PERSONAL" WE CANNOT DECRYPT FILE WITHOUT IT! DO NOT EDIT! -------------------------------- PERSONAL -------------------------------- LndZRnFTRz5BZG1pbkBESlJXR0RMWkBESlJXR0RMWnxjNHhzenFTejM2bUdBd2NoRDgwSXVSZDhj SGtSUHRnZlZoYS9FWGNydnhvT3BGcitjUXNkZlR0a3hHRDZWdHFaUDFhSDdzQmplTDVHNDdJenZ4 THo1V2l6SDF5UlpOZnNBelR2bFBLdm1xdk10eWdCazZsb0VpekxHMXc1a3RNM1U4OHVzMzJLa2Zp U290cDZ4RC9VZWUrSWM3bnJsdnBGWlNhb1BaNTQ1SXRZeGRJcU1jbTJiaWRqT2dtcU9pdUJGN0Nr VWM2UjhRNEF4eDI3SC9OWGVZTUZITXdwN1ZuY1lZM3poYlJMWU9lUjlmNitTOWp4WjNQN3dmUXlk Vm5zVmtvRXVRRzVwNXNnZjVnKzlwbWNremNHVXlBdGUvQ0ptNDB6YVBJcHRuVld1YWZvbkxoL0hv azU1bTcvUTJ0ZEh1bmg2b0FLdmROZXpQWEplaEduK2c9PQ== --------------------------------------------------------------------------
URLs

https://licky.org

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-1231583446-2617009595-2137880041-1000\KJGDFLC-HOW-TO-FIX.TXT

Ransom Note
Hello. Some of your files have been encrypted with the .KjgdFLC file extension. in order to decrypt them, please contact us via https://licky.org. how to set up a licky account: open "https://licky.org" in a web browser (Google prefered) then click "Sign up here" and create a username and password. After that, you should be in. At the top it should say "Enter a username#0000" type in: Hacker47817628648971#4166 an "Error" message should pop up, ignore it! we will get back to you sometime later. if no answer in week email us:[email protected] PLEASE AFTER CONTACT MADE UNLESS EMAIL - PASTE YOUR "PERSONAL" WE CANNOT DECRYPT FILE WITHOUT IT! DO NOT EDIT! -------------------------------- PERSONAL -------------------------------- LktqZ2RGTEM+QWRtaW5AT1daTU9UUUFAT1daTU9UUUF8cXJVQ3FMbXY5bzJ1NHIzNkNvZExOeVNB Z202RjhnZURobFQrbGN1RFhqLzNtOGEwbFIvajc2VnI5aWdVdUFPVjdQN2xERElqa05zeHlpTmt4 K3kzZlYrOFJOY21SSmhjTXYyOGtjQlJHTVd6d2lnaVJ4MVFMNyt6NitrZU4ydmsxbGkzZTJlZHVz Z2FqUXU3cnpvQThnYjk0WVd5eHFuaG1PNGRsUHdoam9NMXFrc3FFeVNTYnBTOWpta0l1QkcwcVBD UzI3dnVUaFprd2M1MEsrckkvUmhHWDNrU2VCaU5CSGsrRGNTaXIvSThBN0lKWldUVjVkRGFQcDM5 dkk0WG54L2UwZGlSZWxvN1pIL0M4bldKQ0MxR215M2wvMk1CNlg3M0Q4U0VqWi9zYm5kUFJ1STY3 VnZUSllsaXlkcEU0MXpkQThUS0puaWNuN3Y1ZjhtRERBPT0= --------------------------------------------------------------------------
URLs

https://licky.org

Targets

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
