General

  • Target

    602c753ee7337a5398df34b82238dd243d6afc9aa0f2d6e75f9d5a98cb609aa9

  • Size

    4.6MB

  • Sample

    200713-va91h9hw4s

  • MD5

    1d3e630e85d4055a6b00bf588f30af21

  • SHA1

    64658fd77ddcb9496d2c6a6f174210010bbcdf54

  • SHA256

    602c753ee7337a5398df34b82238dd243d6afc9aa0f2d6e75f9d5a98cb609aa9

  • SHA512

    0fe39d9fdfc317c5fbbafa7dab5380be6daac8e9cee54df4814e976b8d4a95db45e1259b2a99f1a451dc2a8d4c1435bc9134e13a6ead2df6c812c4a128236246

Malware Config

Extracted

  • Path

    C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

  • Ransom Note

    Hello! All your files are encrypted and only I can decrypt them. Contact me: [email protected] Write me if you want to return your files - I can do it very quickly! The header of letter must contain extension of encrypted files. I'm always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com). Attention! Do not rename or edit encrypted files: you may have permanent data loss. To prove that I can recover your files, I am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups) HURRY UP! ! ! ! If you do not email me in the next 48 hours then your data may be lost permanently ! ! !

Targets

    • Target

      602c753ee7337a5398df34b82238dd243d6afc9aa0f2d6e75f9d5a98cb609aa9

    • Size

      4.6MB

    • MD5

      1d3e630e85d4055a6b00bf588f30af21

    • SHA1

      64658fd77ddcb9496d2c6a6f174210010bbcdf54

    • SHA256

      602c753ee7337a5398df34b82238dd243d6afc9aa0f2d6e75f9d5a98cb609aa9

    • SHA512

      0fe39d9fdfc317c5fbbafa7dab5380be6daac8e9cee54df4814e976b8d4a95db45e1259b2a99f1a451dc2a8d4c1435bc9134e13a6ead2df6c812c4a128236246

    • Deletes shadow copies

      Ransomware often deletes Volume Shadow Copies and other local backups to inhibit system recovery, so the victim cannot restore files without paying.

    • Drops startup file

      Writing a file into a Startup folder is a common persistence mechanism: the dropped file is launched again at the next logon.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Modifies service

      Changing a Windows service's configuration or start type is used both for persistence and to disable backup or security services.
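
The four behaviour tags above are sandbox signatures matched against the sample's runtime trace. The report does not show which commands or paths triggered them, so the following is an added example of how such tags can be derived from a trace, not the sandbox's own signature engine. The trace format (tab-separated kind, image, detail), the sample events and the specific command lines and paths in the rules are constructed assumptions; the one page-supported specific is the ransom-note filename from the Malware Config section, which is added as a fifth rule.

```python
import re

# Behaviour signatures mirrored from the report's "Targets" list, plus the
# ransom-note filename from the Malware Config section. Each rule is
# (tag, event kind it applies to, case-insensitive regex on the event detail).
# The command lines and paths are assumptions about typical tradecraft, not
# facts from the report.
RULES = [
    ("Deletes shadow copies", "ProcessCreate",
     r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
     r"|wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup))"),
    ("Drops startup file", "FileCreate",
     r"\\Start Menu\\Programs\\Startup\\[^\\]+$"),
    ("Reads user/profile data of web browsers", "FileRead",
     r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data|History)$"
     r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)$"),
    ("Modifies service", "ProcessCreate",
     r"\bsc(\.exe)?\s+(config|stop|delete|failure)\b"),
    ("Modifies service", "RegistrySet",
     r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\(Start|ImagePath|FailureActions)\b"),
    ("Writes ransom note", "FileCreate",
     r"\\HOW TO RESTORE YOUR FILES\.TXT$"),
]
COMPILED = [(tag, kind, re.compile(pat, re.IGNORECASE)) for tag, kind, pat in RULES]

# Constructed sample trace (not the report's sandbox run): one event per line,
# tab-separated as  kind<TAB>image<TAB>detail. The victim paths and the
# "sample.exe" name are placeholders.
SAMPLE_TRACE = "\n".join("\t".join(e) for e in [
    ("ProcessCreate", r"C:\Users\victim\AppData\Local\Temp\sample.exe", "sample.exe"),
    ("ProcessCreate", r"C:\Windows\System32\vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("ProcessCreate", r"C:\Windows\System32\wbem\WMIC.exe", "wmic shadowcopy delete"),
    ("ProcessCreate", r"C:\Windows\System32\sc.exe", "sc config vss start= disabled"),
    ("FileCreate", r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"),
    ("FileRead", r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("FileRead", r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     r"C:\Users\victim\Documents\report.docx"),
    ("FileCreate", r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     r"C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT"),
    ("RegistrySet", r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Services\VSS\Start = 4"),
])


def parse_trace(text):
    """Yield (kind, image, detail) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) == 3:
            yield tuple(parts)


def classify(events):
    """Map each behaviour tag to the list of event details that triggered it."""
    hits = {}
    for kind, _image, detail in events:
        for tag, rule_kind, rx in COMPILED:
            # Rules are scoped to an event kind so a path pattern is never
            # tested against a command line and vice versa.
            if kind == rule_kind and rx.search(detail):
                hits.setdefault(tag, []).append(detail)
    return hits


def behaviour_tags(text):
    """Sorted list of tags raised by a trace, in the report's wording."""
    return sorted(classify(parse_trace(text)))


if __name__ == "__main__":
    for tag, details in classify(parse_trace(SAMPLE_TRACE)).items():
        print(tag)
        for d in details:
            print("   ", d)
```

Each rule is bound to an event kind, so a benign read of `Login Data` by the browser itself would still match here; in a real pipeline the image column is the place to exclude the legitimate browser process, which the example deliberately leaves to the caller.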

MITRE ATT&CK Enterprise v6

Tasks