General
-
Target
2F8D2E2177EE32CA380C4EDF4F7160D4.bin
-
Size
27KB
-
Sample
200701-p8b29476wn
-
MD5
2f8d2e2177ee32ca380c4edf4f7160d4
-
SHA1
54682e6579620b6f8406b5122fcca2ff6c7cd80b
-
SHA256
2cc7e6ee6c500f4968b6f989ac295d2de0b3974b5905ec1fc3ab9e8662788379
-
SHA512
49dd1f1d1e862166f5ba142ea93f339a46684ff43c7890a24b2700bdde996750c0ee98030469091d78ec4b38552b7ca92e162088c32e912f96b4fac8ca22c139
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\README.txt
Family
darkcrypt
Ransom Note
[+] All Your Files Have Been Encrypted [+]
[-] Do You Really Want To Restore Your Files?
[+] Write Us To The E-Mail : [email protected]
[+] If you did not get any response until 24 hours later,Write to this E-Mail : [email protected]
[-] Write Your Unique-ID In The Title Of Your Message.
[+] Unique-ID : F86B013E
[-] You Have To Pay For Decryption In Bitcoins.
[-] The Price Depends On How Fast You Write To Us.
[-] After Payment We Will Send You The Decryption Tool
That Will Decrypt All Your Files.
_______________________________________________
[+] Free Decryption As Guarantee [+]
[-] Before Paying You Can Send Us Up To 5 Files For
Free Decryption, The Total Size Of Files Must Bee Less
Than 10MB, (Non Archived) And Files Should Not Contain
Valuable Information (Databases, Backups, Large Excel
-Sheets, Etc).
_______________________________________________
[+] How To Obtain Bitcoins [+]
[-] The Easiest Way To Buy Bitcoins Is LocalBitcoins
Site : https://localbitcoins.com/buy_bitcoins
You Have To Register, Click 'Buy Bitcoins', And Select
The Seller By Payment Method And Price.
[-] Also You Can Find Other Places To Buy Bitcoins And
Beginners Guide Here:
http://coindesk.com/information/how-can-i-buy-bitcoins
_______________________________________________
[+] Attention! [+]
[-] Do Not Rename Encrypted Files.
[-] Do Not Try To Decrypt Your Data Using Third Party
-Software, It May Cause Permanent Data Loss.
[-] Decryption Of Your Files With The Help Of Third
Parties May Cause Increased Price (They Add Their Fee
To Our) Or You Can Become A Victim Of A Scam.
_________________DARKCRYPT_Ransomware___________________
URLs
http://coindesk.com/information/how-can-i-buy-bitcoins
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\WannaScream.hta
Ransom Note
All your files have been encrypted by Wanna Scream!
due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
Write this ID in the title of your message: F86B013E
In case of no answer in 24 hours write us to this e-mail: [email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\README.txt
Family
darkcrypt
Ransom Note
[+] All Your Files Have Been Encrypted [+]
[-] Do You Really Want To Restore Your Files?
[+] Write Us To The E-Mail : [email protected]
[+] If you did not get any response until 24 hours later,Write to this E-Mail : [email protected]
[-] Write Your Unique-ID In The Title Of Your Message.
[+] Unique-ID : 949CEBC7
[-] You Have To Pay For Decryption In Bitcoins.
[-] The Price Depends On How Fast You Write To Us.
[-] After Payment We Will Send You The Decryption Tool
That Will Decrypt All Your Files.
_______________________________________________
[+] Free Decryption As Guarantee [+]
[-] Before Paying You Can Send Us Up To 5 Files For
Free Decryption, The Total Size Of Files Must Bee Less
Than 10MB, (Non Archived) And Files Should Not Contain
Valuable Information (Databases, Backups, Large Excel
-Sheets, Etc).
_______________________________________________
[+] How To Obtain Bitcoins [+]
[-] The Easiest Way To Buy Bitcoins Is LocalBitcoins
Site : https://localbitcoins.com/buy_bitcoins
You Have To Register, Click 'Buy Bitcoins', And Select
The Seller By Payment Method And Price.
[-] Also You Can Find Other Places To Buy Bitcoins And
Beginners Guide Here:
http://coindesk.com/information/how-can-i-buy-bitcoins
_______________________________________________
[+] Attention! [+]
[-] Do Not Rename Encrypted Files.
[-] Do Not Try To Decrypt Your Data Using Third Party
-Software, It May Cause Permanent Data Loss.
[-] Decryption Of Your Files With The Help Of Third
Parties May Cause Increased Price (They Add Their Fee
To Our) Or You Can Become A Victim Of A Scam.
_________________DARKCRYPT_Ransomware___________________
URLs
http://coindesk.com/information/how-can-i-buy-bitcoins
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\WannaScream.hta
Ransom Note
All your files have been encrypted by Wanna Scream!
due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
Write this ID in the title of your message: 949CEBC7
In case of no answer in 24 hours write us to this e-mail: [email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Targets
-
-
Target
2F8D2E2177EE32CA380C4EDF4F7160D4.bin
-
Size
27KB
-
MD5
2f8d2e2177ee32ca380c4edf4f7160d4
-
SHA1
54682e6579620b6f8406b5122fcca2ff6c7cd80b
-
SHA256
2cc7e6ee6c500f4968b6f989ac295d2de0b3974b5905ec1fc3ab9e8662788379
-
SHA512
49dd1f1d1e862166f5ba142ea93f339a46684ff43c7890a24b2700bdde996750c0ee98030469091d78ec4b38552b7ca92e162088c32e912f96b4fac8ca22c139
Score10/10-
DarkCrypt
Another variant of WannaCry ransomware (Imitation).
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-