c49eb3f83f94347d223338a13a2a57387ac689dc16d64f3d41a251b3a3325e5d

General

Target

Badboymnb.exe
Size

23KB
Sample

200616-ytvjca5a1a
MD5

0bf3158979d38b3d3c99ccfa5b1b4a83
SHA1

f8eb3e0ab7f09eb93125afa11d5c793f55e1c607
SHA256

c49eb3f83f94347d223338a13a2a57387ac689dc16d64f3d41a251b3a3325e5d
SHA512

938b82fde3e7bddb96948d9548ebd325dd63fb01292a8a8fcb22e102b51bee66143be21d24c18d9e9a6b6c2518e82992e056fccf4fa7492938ffe8848bcc096a

Score

10^/10

Malware Config

Extracted

Path

C:\ReadME-BadboyEncryption.txt

Ransom Note

All your data has been locked us. You want to return? Contact to Email: [email protected] Your Personal Key : Bb9JcGVCqdLiEw1z1W7f3OYN+CTC3XlmA/sVd3slXMFMqx7WKTlwMcnz4WlLtr2DijaUDvFmrF3wsmo4j/yJym/hOQiw5gcxGCC8H9FQLB3cp32TSXZF4pn4h7+vw4gY+ebDS1SV00P5pboPoWTbwl107WT54MJX/0PzB9TUdsW2tzILfaqd2vUW+5OxdHwZvPB2ij8st3l4WIKkuwtgwFMQaruAxXT55HykE1hQFrlh1j/UXaK7h09g5Ufc12Alv+qRcoZTwzkVCMe8Nzi8YNevDC6ffoH3NXgNJ5dLPCqplt0Y5aqwtPN0A6j1XBBcgpOUa3dEN76s9Ny1HO1VPg==

Emails

[email protected]

Targets

- Target
  
  Badboymnb.exe
- Size
  
  23KB
- MD5
  
  0bf3158979d38b3d3c99ccfa5b1b4a83
- SHA1
  
  f8eb3e0ab7f09eb93125afa11d5c793f55e1c607
- SHA256
  
  c49eb3f83f94347d223338a13a2a57387ac689dc16d64f3d41a251b3a3325e5d
- SHA512
  
  938b82fde3e7bddb96948d9548ebd325dd63fb01292a8a8fcb22e102b51bee66143be21d24c18d9e9a6b6c2518e82992e056fccf4fa7492938ffe8848bcc096a
Score

10^/10

ransomware persistence spyware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Modifies service
  persistence
behavioral1 behavioral2