52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6

General

Target

6D12547772B57A6DA2B25D2188451983.bin
Size

111KB
Sample

200729-z8b4gz3sva
MD5

6d12547772b57a6da2b25d2188451983
SHA1

53af601afa0b69c771255a61559365cb34f72b8b
SHA256

52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6
SHA512

859e3e0d91c3f9fb157e438c7c6f091fe861e4bb1a2ad17f130a7f846fbde09959d63c605c6c1ac3697d4ad07ccd3ca457e103382867db7b41b40429e74c4d32

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HowToDecrypt.txt

Ransom Note

All data on your pc were encrypted with strongest encryption method. The only way to get your data back is to purchase unique key for you. * You can get cheaper price if you contact us as soon as possible. * After three days from now, it will be difficult to recover your data. Good Luck. contact following address: [email protected] [email protected]

Emails

[email protected]

Targets

- Target
  
  6D12547772B57A6DA2B25D2188451983.bin
- Size
  
  111KB
- MD5
  
  6d12547772b57a6da2b25d2188451983
- SHA1
  
  53af601afa0b69c771255a61559365cb34f72b8b
- SHA256
  
  52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6
- SHA512
  
  859e3e0d91c3f9fb157e438c7c6f091fe861e4bb1a2ad17f130a7f846fbde09959d63c605c6c1ac3697d4ad07ccd3ca457e103382867db7b41b40429e74c4d32
Score

10^/10

ransomware evasion spyware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Stops running service(s)
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
behavioral1 behavioral2