General

  • Target

    e50d52fbac295a37f0ed0b724d4ddafca8c86bcd2391b4c481d51d5e279afd20

  • Size

    4.6MB

  • Sample

    200713-a751hw8tr6

  • MD5

    ea8531d407c28f4ef6d2ef5bc9b41ff8

  • SHA1

    4f3d19c9be52aa58c338bfec0db33dc07f957521

  • SHA256

    e50d52fbac295a37f0ed0b724d4ddafca8c86bcd2391b4c481d51d5e279afd20

  • SHA512

    8e09cf0e2d70b2e9bc2515e36725560db0bef688931c73df457739e46f835cea01a18b76035e94d8571be88055c520151f90aabf067d61467c99dab1e494d3ce

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Hello! All your files are encrypted and only I can decrypt them. Contact me: [email protected] or [email protected] Write me if you want to return your files - I can do it very quickly! The header of letter must contain extension of encrypted files. I'm always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com). Attention! Do not rename or edit encrypted files: you may have permanent data loss. To prove that I can recover your files, I am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups) HURRY UP!

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service
