General

  • Target

    bd5ebf9632ad17e9a39393ab94ef055307ec053486fe703e2a614de391bc4a65

  • Size

    4.6MB

  • Sample

    200713-d1cpdz75as

  • MD5

    483b85e49e1b8c04b0e5414d7db80208

  • SHA1

    af430762aea6c3769d0ebedfd553cf22e0f223ac

  • SHA256

    bd5ebf9632ad17e9a39393ab94ef055307ec053486fe703e2a614de391bc4a65

  • SHA512

    3d9b5c2b2c045e0c0d50e053492c18677bfaf958e92a709ec89516624d0b308b8509c308a13626e18acf535dfd648260046000cedca2b00f303e874755145a66

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Hello! All your files are encrypted and only we can decrypt them. Contact us: [email protected] or [email protected] Write us if you want to return your files - we can do it very quickly! The header of letter must contain extension of encrypted files. We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com). Attention! Do not rename or edit encrypted files: you may have permanent data loss. To prove that we can recover your files, we am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups). HURRY UP! If you do not email us in the next 48 hours then your data may be lost permanently.

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks