General

  • Target

    90a909a4508aa899b4be372e7de6f500.exe

  • Size

    62KB

  • Sample

    200618-5132s4nyax

  • MD5

    90a909a4508aa899b4be372e7de6f500

  • SHA1

    7bb201923d7055c149858d087c0a44ab9530536e

  • SHA256

    1c83ff2394da76e6296e6ad72c40dbde107704a711bbd08b633c57587230ccf8

  • SHA512

    57b732ac3827878c81ed45e26001695c42240b6eb16d4c9d0ecd34d41ede0d598983c156a5c22c8a5f79e81437ed308e0414571cda1c0725ab7b2b3ef9f683cf

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\DEAL_FOR_ACCESS_TO_YOUR_FILES.txt

Ransom Note
*** WARNING *** Important Files In This Machine Has LOCKED. Your Files ONLY Can Recover By Special Unlocker. Important And Private Documents Also COPIED. After This Message Time For Payment Is Limited. After Time Limit Next Payment Will Be x2 Next Step Is Publish Files And Document. You Can Test 1 File (Max. 2MB) To Unlock l1u1t1@secmail.pro Key Identifier: ge80jh5VU8BIcj3mH8WfI4wvcFexcohH13mXMfpWXS4b2d4IoVxuO+SXm24ob3A+mboN+DfDVNaQxRC7O8uj6diE9iuaDZw7/RFbfeIEdYWwZK8Mt/LMrn4bEobm20dK6wJTcibW2I4ALPLKRdoW0PYkHDEAsU1d7MXysMmGoBfYWh72Nx8j3J8oFbdI5TUa7z3YAtqEFFfy8U0K9EJf2TUKw2jvZMkW3VzvV18j0m9nwpFm1I8WI62xdu8qzAlYbbd5BjAC6L30iXu5m3SfYWtvIp7ZdcogMlHes3NZegPb0FCyK4PK0TTFuZshuETcB/91BcGNAxsKlax4Mysfbw==
Emails

l1u1t1@secmail.pro

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\DEAL_FOR_ACCESS_TO_YOUR_FILES.txt

Ransom Note
*** WARNING *** Important Files In This Machine Has LOCKED. Your Files ONLY Can Recover By Special Unlocker. Important And Private Documents Also COPIED. After This Message Time For Payment Is Limited. After Time Limit Next Payment Will Be x2 Next Step Is Publish Files And Document. You Can Test 1 File (Max. 2MB) To Unlock l1u1t1@secmail.pro Key Identifier: On5TrSwffaf8cdrYWygamPz+sRvUObZ84oiaI2t3MVfipXn+mgBPo1hizJfpCpOBm6Lany40ycuFkjhm4s0WebPgOzJTu/iY0l4UH/Csw/uv7Cr/MK2SRJeW4WHUBxpu/8lS2SzQ/67rSUPRtk8zlp43C9euJM5/SK/khT3kkrofhaUhqY01sHQLdNVwPzI9ohDM6dQuXv4wJLpTUa/Fl7RFRlLNLuAQfBUX1vg0543Y8QTuUuFDpUKozZes5jdah/U8tqz9uUy6pim1QhyluiH2Sx8RNRcuPddlH+SKnsqgY3JdYOQ1wwNf6PZQZQhqSx43vxPVMRZjKGb176AR4g==
Emails

l1u1t1@secmail.pro

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Tactic             Technique                      Count  ID
-----------------  -----------------------------  -----  -----
Defense Evasion    File Deletion                  2      T1107
Credential Access  Credentials in Files           1      T1081
Discovery          Query Registry                 3      T1012
Discovery          Peripheral Device Discovery    1      T1120
Discovery          System Information Discovery   4      T1082
Discovery          Remote System Discovery        1      T1018
Collection         Data from Local System         1      T1005
Impact             Inhibit System Recovery        2      T1490
