73c129ab01e74eb487bc6b6484a9f5085c6f78134493a73637ca7d355b2b587e

General

Target

1.bin.zip
Size

1.0MB
Sample

200704-drvs321ale
MD5

03cdc80d2b536a737f731ecf919af498
SHA1

59cabb0765d2464f318ac270835e6b1b319f2aa8
SHA256

73c129ab01e74eb487bc6b6484a9f5085c6f78134493a73637ca7d355b2b587e
SHA512

ef1b7edfbd94a51ac8c11e929b84dd76b911cbf864cb5cc4c02395c601575fc55f81bf37ce1959f5cff6d38a8a8bfbc83cb3e019073ce9c153b2abaac1b79503

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\READ_ME_Heyyyyyyy.txt

Ransom Note

All your files have been encrypted! All your documents (databases, texts, images, videos, musics etc.) were encrypted. The encryption was done using a secret keythat is now on our servers. To decrypt your files you will need to buy the secret key from us. We are the only on the world who can provide this for you. What can I do? Pay the ransom, in bitcoins, in the amount and wallet below. You can use www.coindirect.com/de - coinbase.com - coinmama.com - LocalBitcoins.com to buy bitcoins. 0,036 Bitcoin = 300 EURO Send BTC Address = 1NxoWvpXufC5PkagnfWD9Rf19wm5jchVkX

Wallets

1NxoWvpXufC5PkagnfWD9Rf19wm5jchVkX

Targets

- Target
  
  194270766c8afe4cdd99c8f1ebdbc18321bd79ac6f2f3e0c0638ea93ffe8aaf6
- Size
  
  2.0MB
- MD5
  
  13ee6ed04ada2524eabdf26bcc4849fe
- SHA1
  
  ea5aa317603aea0a39972f521792edc62d941fbc
- SHA256
  
  194270766c8afe4cdd99c8f1ebdbc18321bd79ac6f2f3e0c0638ea93ffe8aaf6
- SHA512
  
  8fd889ffc305e39702c7f2c2b798dfc5c0ea29ce9c39268321ad2917e8a90ee373862bff12bb6613f4ba3a2becc9236534f53a7aba85c248363aa419dc902920
Score

10^/10

ransomware evasion spyware trojan persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Modifies system certificate store
  evasion spyware trojan
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2