General

  • Target

    1d67abe1ec08e6215e08d6bb595ade3d1d33d0e886edf887b29f4d8e1d46e593

  • Size

    4.6MB

  • Sample

    200713-5x5vderhsx

  • MD5

    7d9c6313b2e412f0db4380b279eb4fed

  • SHA1

    0675b3958e7eef4090775f665d8201837f167f01

  • SHA256

    1d67abe1ec08e6215e08d6bb595ade3d1d33d0e886edf887b29f4d8e1d46e593

  • SHA512

    ddaa21b661f448442df6556dec57429636e7aa6fa9ce4f098ac218cc702b301903c7bf254b9aee732a90561402b420d977be6bb7940bf49aa55e0e5f9991075e

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Hello! All your files are encrypted, write to me if you want to return your files - I can do it very quickly! Contact me by email: [email protected] or [email protected] The subject line must contain an encryption extension or the name of your company! Do not rename encrypted files, you may lose them forever. You may be a victim of fraud. Free decryption as a guarantee. Send us up to 3 files for free decryption. The total file size should be no more than 1 MB! (not in the archive), and the files should not contain valuable information. (databases, backups, large Excel spreadsheets, etc.) !!! Do not turn off or restart the NAS equipment. This will lead to data loss !!!

Targets

    • Target

      1d67abe1ec08e6215e08d6bb595ade3d1d33d0e886edf887b29f4d8e1d46e593

    • Size

      4.6MB

    • MD5

      7d9c6313b2e412f0db4380b279eb4fed

    • SHA1

      0675b3958e7eef4090775f665d8201837f167f01

    • SHA256

      1d67abe1ec08e6215e08d6bb595ade3d1d33d0e886edf887b29f4d8e1d46e593

    • SHA512

      ddaa21b661f448442df6556dec57429636e7aa6fa9ce4f098ac218cc702b301903c7bf254b9aee732a90561402b420d977be6bb7940bf49aa55e0e5f9991075e

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks