tongda | 7d6d085ca3c09ae099e8fc4822281dfc0e68607ca840ff5e5305bdc4d7f251e2

General

Target

7f05bf6fd7f5c5bfe0c201d73029439b228bc4d729306f7cea8077f03292fe63.zip
Size

1.6MB
Sample

200718-3bkjckhrhn
MD5

346e52b1a3038f87ecc1a6ab19ecc6ee
SHA1

3e2c1fc4b99503792cf3993fafbc8bfd418f7652
SHA256

7d6d085ca3c09ae099e8fc4822281dfc0e68607ca840ff5e5305bdc4d7f251e2
SHA512

14b56c27869431406956965558c586f5a03932907f5dc674ab133a522ef4d4c889d391acc59738347e485e4524b43e6a126a5c37550bda659d3d50443477674a

Score

10^/10

Malware Config

Extracted

Path

C:\readme_readme_readme.txt

Family

tongda

Ransom Note

send 0.3 bitcoin to 12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p screenchot and key send to [email protected] and [email protected] key:QI53WswlGWXCcXpoy1tUrk6xV+8PrIrwz9HHffkjNMjIkcJ1eYoN97bdkM2qRhusV1rCOvlGIcllPUVpjzKxkOmMmTJHIfWUSqZNX3ZZJY884S+n5NdP92jTEHS6uGUDFYSCDAtqHH7UX+T8c5ur2JIu3X2BA5rwOjuHd6P0dlduSOZ3q/Hm6/4qJDRB33pD+OPfNJBkZTVhHkdTTnw4mTf6p9uaYgSqjR/LzrFtyXzA7x66QkM83SLmpe/p77S9MjBqdEwLaF/5iLlpgnc70cBdWQivnSLDOXRI/dQKC/MYuLn4FH2P2/YHTj+Rl7QmJq6E9mCNwDrovtXLAitf2A==

Emails

[email protected]

Wallets

12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p

Extracted

Path

C:\readme_readme_readme.txt

Family

tongda

Ransom Note

send 0.3 bitcoin to 12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p screenchot and key send to [email protected] and [email protected] key:P0lzmrgTOFAPMbeaS8HW7EgsiiP7tuiSoQWE0YOet+51vmH1wmQWy6mGWZbTeLHUqkpZwncr8E20eYEvzv6cabWCorICDeQGMuyWUpJlTHZ+Z7iAZRv0zAPTd2YEoPEvfz8BGi1atZOSzgY6oYRfT1auVFiJSMkDxqfGP0zKy/0S7taQWS8QyvZronGLqp+NXYnTc7hRxOE1pFSIHuWmfB64Lsp2u/otKAVDFnS3kdOE6oOLCKQv/wtO2IFke0YUOOqZvxoAJLUzAZP8lwAcYgmbyErSRTqxmgAMYRvxuUrogSsOZwZO9QS2NfrvqYoimSo8r25eFDs5imNVMjg8Ug==

Emails

[email protected]

Wallets

12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p

Targets

- Target
  
  7f05bf6fd7f5c5bfe0c201d73029439b228bc4d729306f7cea8077f03292fe63
- Size
  
  2.9MB
- MD5
  
  fdc4436fa5700e2ff984d25dfcb19a72
- SHA1
  
  d6503f42be986ef42fe20c39309111bad7602403
- SHA256
  
  7f05bf6fd7f5c5bfe0c201d73029439b228bc4d729306f7cea8077f03292fe63
- SHA512
  
  a21a29ae37488ceb331405c1f53fa8e795dc1744561fa57352c1dadbc82e01e0bdd2f3b5c03a1dcf3f0d7dfb71670cf0be88d702b8757c3b83ba592212d59cc1
Score

10^/10

ransomware spyware tongda
- Tongda 2000
  Ransomware targetting the Chinese office management software Tongda OA.
  ransomware tongda
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Tongda 2000

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2