Overview

overview

10

Static

static

00b2679e73...10.exe

windows7_x64

10

00b2679e73...10.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00b2679e73e28343fd153df9858bc910.7z

  • Size

    452KB

  • Sample

    200611-8lgzkwzbha

  • MD5

    b413e84947b52663825f6d64811c9174

  • SHA1

    408eb084987e64d9ffd7c77cff01bb8f66808f3a

  • SHA256

    15b7ee3734e6bdecfc3a82fabfcd79fc3cae22fceb00c5d1afc8571a513510ce

  • SHA512

    4c29c279bd5d9f29fd0fd08efbc908161aa79909fed0aab94d057fc556ca00a8442aaeb68bb4d6695afe3d12c18cae55d33fcb8a55f1a5c34b678d46dc994d93

Score
10/10
ransomwarespyware

Malware Config

Extracted

Path

C:\program files\7-zip\lang\!!FAQ for Decryption!!.txt

Ransom Note
Good day. All your files are encrypted. For decryption contact us. Write here [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss.

Targets

    • Target

      00b2679e73e28343fd153df9858bc910

    • Size

      715KB

    • MD5

      00b2679e73e28343fd153df9858bc910

    • SHA1

      f27390cdca4afea0ffeda89f117931858e7f5a7f

    • SHA256

      6396ea2ef48aa3d3a61fb2e1ca50ac3711c376ec2b67dbaf64eeba49f5dfa9df

    • SHA512

      35b06555bd088bdcdd13f3377832073ebdae9053fe8a640c41470560da1f093abe65d6cfc4cfce30a9af708a8926ea646c801b6c155d0517e612f807472a7261

    Score
    10/10
    ransomwarespyware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks