birch_ragnarlocker

General
Target

birch_ragnarlocker

Completed

01-08-2020 02:12

Sample

200801-7lxn89dqex

SHA256

1602d04000a8c7221ed0d97d79f3157303e209d4640d31b8566dd52c2b09d033

Score
10 /10
Malware Config

Extracted

Path C:\Users\Public\Documents\RGNR_AC7AABB2.txt
Family ragnarlocker
Ransom Note
***************************************************************************************************************** HELLO Birch.com,Cbeyond ! If you reading this message, then your network was PENETRATED and all of your files and data has been ENCRYPTED Although your security measures already been BREACHED and your files were LOCKED, we was able to make a PENETRATION of your network AGAIN! by RAGNAR_LOCKER ! ***************************************************************************************************************** Your systems are very far from perfectly secured, so even after the first penetration you didn't fix and close vulnerabilities and we again have access to your network, it would be a big amazement in the news that you allowed second leakage! !!!!! WARNING !!!!! DO NOT Modify, rename, copy or move any files or you can DAMAGE them and decryption will be impossible. DO NOT use any third party or public decryption software, it also may damage files. DO NOT Shutdown or reset your system ------------------------------------- There is ONLY ONE possible way to get back your files - contact us and pay for our special decryption key ! For your GUARANTEE we will decrypt 2 of your files FOR FREE, as a proof of our capabilities Don't waste your TIME, the link for contacting us will be deleted if there is no contact made in closest future and you will never restore your DATA. HOWEVER if you will contact us within 2 day since get penetrated - you can get a very SPECIAL PRICE. WARNING ! We has downloaded a lot of your private Data, including your biling info, business licenses, credit info, finance reports, business audit, Banking information and many other interesting things! Also we have an personal correspondence and information about your clients and partners and even about your staff, there are some screenshots just as a proofs. https://prnt.sc/sfle2v http://prnt.sc/sflk1s http://prnt.sc/sflkc8 http://prnt.sc/sflkn2 Whole data gathered from your SECRET files and directories could be published for everyone's view and your partners, clients and investors would be notified about leak. However if we make a deal everything would be kept in secret and all your data will be restored. You can find post already published regarding LEAKS from your company and it would be updated about the SECOND LEAK in less than one MONTH ! Use Tor Browser to open the link: http://p6o7m73ujalhgkiv.onion/2020/03/18/leaks-from-communicate-giant/ ============================================================================================================== ! HERE IS THE SIMPLE MANUAL HOW TO GET CONTACT WITH US VIA LIVE CHAT ! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! a) Download and install TOR browser from this site : https://torproject.org b) For contact us via LIVE CHAT open our website : http://rgngerzxui2kizq6h5ekefneizmn54n4bcjjthyvdir22orayuya5zad.onion/client/?6C3B93D0480953d13302f18DD4a6C0C4e59cDae6D4f88Ed5c98cE8fCD0F9D6cE c) For visit our NEWS PORTAL with your data, open this website : http://p6o7m73ujalhgkiv.onion/2020/03/18/leaks-from-communicate-giant/ d) If Tor is restricted in your area, use VPN When you open LIVE CHAT website follow rules : Follow the instructions on the website. At the top you will find CHAT tab. Send your message there and wait for response (we are not online 24/7, So you have to wait for your turn). ?���| *********************************************************************************** ---RAGNAR SECRET--- NkMzQjkzRDA0ODA5NTNkMTMzMDJmMThERDRhNkMwQzRlNTljRGFlNkQ0Zjg4RWQ1Yzk4Y0U4ZkNEMEY5RDZjRQ== ---RAGNAR SECRET--- ***********************************************************************************
URLs

https://prnt.sc/sfle2v

http://prnt.sc/sflk1s

http://prnt.sc/sflkc8

http://prnt.sc/sflkn2

http://p6o7m73ujalhgkiv.onion/2020/03/18/leaks-from-communicate-giant/

http://rgngerzxui2kizq6h5ekefneizmn54n4bcjjthyvdir22orayuya5zad.onion/client/?6C3B93D0480953d13302f18DD4a6C0C4e59cDae6D4f88Ed5c98cE8fCD0F9D6cE

Related Tasks

behavioral1behavioral2
Targets
Target

birch_ragnarlocker

MD5

3dabfb99101821ae0e89389a9c9d28a5

Filesize

49KB

Score
10 /10
SHA1

72b19c503a642770945355ea0dce96bf9d735f81

SHA256

1602d04000a8c7221ed0d97d79f3157303e209d4640d31b8566dd52c2b09d033

SHA512

131487a835f81a774b43155364a683b054b342c5176fe19264a4f9a510c6571532b1cb081011a09f733dee836192240cd36b419979832a601001b14ccbc5ff18

Tags

ransomware persistence ragnarlocker bootkit

Related Tasks