smaug

General

Target

Corporate_Detail-June.2020.exe
Size

1.3MB
Sample

200813-xm6rn3yqv2
MD5

6b083c1bfd21eea2a3f18283f1f3c5f5
SHA1

929b10f78565660535a07917d144d00b0c117571
SHA256

f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d
SHA512

1ef2561ac5784bb90a1d39ab82f6f01122453bbe22cd55fa0a49aa534a7ece00c48b2bf1d31537e3fc5a447d1293bc23165c6a1fb00df2b3fda37a2eee62ee71

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\HACKED.txt

Family

smaug

Ransom Note

Your files have been encrypted using military grade encryption. They can never be accessed again without buying a decryption key. You can buy the decryption key at http://smaugrwmaystthfxp72tlmdbrzlwdp2pxtpvtzvhkv5ppg3difiwonad.onion. To access the site you need Tor Browser. to view site you can download torbrowser here - https://www.torproject.org/download/ need help?support [email protected]

Emails

[email protected]

URLs

http://smaugrwmaystthfxp72tlmdbrzlwdp2pxtpvtzvhkv5ppg3difiwonad.onion

Targets

- Target
  
  Corporate_Detail-June.2020.exe
- Size
  
  1.3MB
- MD5
  
  6b083c1bfd21eea2a3f18283f1f3c5f5
- SHA1
  
  929b10f78565660535a07917d144d00b0c117571
- SHA256
  
  f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d
- SHA512
  
  1ef2561ac5784bb90a1d39ab82f6f01122453bbe22cd55fa0a49aa534a7ece00c48b2bf1d31537e3fc5a447d1293bc23165c6a1fb00df2b3fda37a2eee62ee71
Score

10^/10

ransomware smaug spyware
- Smaug
  Ransomware-as-a-service first seen marketed on forums etc. in early 2020.
  ransomware smaug
- Drops file in Drivers directory
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- JavaScript code in executable
- Drops file in System32 directory
behavioral1