Overview

overview

10

Static

static

Corporate_...in.exe

windows7_x64

10

Corporate_...in.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Corporate_Detail-June.2020.bin.zip

  • Size

    1.0MB

  • Sample

    200904-dmfqt5py2j

  • MD5

    13ad9f79e67ada70c3893c399ba25a45

  • SHA1

    f85e5f402787798505e21665882cfb3f3cd00fbf

  • SHA256

    1e642e196231550ebcd6cfb5d72bc30fa53118b2edb45690e176c4dfae1d7556

  • SHA512

    d4f09e9fb8a7af39c14e78eee5e57eca7dd0ebd3f08c2393e8c764a241a4725114ee46f0e3bd7eb4851766a343a6a49b3f77cbeff6638b5a8a863a696db20f0a

Score
10/10
smaugransomwarespyware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\HACKED.txt

Family

smaug

Ransom Note
Your files have been encrypted using military grade encryption. They can never be accessed again without buying a decryption key. You can buy the decryption key at http://smaugrwmaystthfxp72tlmdbrzlwdp2pxtpvtzvhkv5ppg3difiwonad.onion. To access the site you need Tor Browser. to view site you can download torbrowser here - https://www.torproject.org/download/ need help?support [email protected]
URLs

http://smaugrwmaystthfxp72tlmdbrzlwdp2pxtpvtzvhkv5ppg3difiwonad.onion

Targets

    • Target

      Corporate_Detail-June.2020.bin

    • Size

      1.3MB

    • MD5

      6b083c1bfd21eea2a3f18283f1f3c5f5

    • SHA1

      929b10f78565660535a07917d144d00b0c117571

    • SHA256

      f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d

    • SHA512

      1ef2561ac5784bb90a1d39ab82f6f01122453bbe22cd55fa0a49aa534a7ece00c48b2bf1d31537e3fc5a447d1293bc23165c6a1fb00df2b3fda37a2eee62ee71

    Score
    10/10
    ransomwarespywaresmaug

    • Smaug

      Ransomware-as-a-service first seen marketed on forums etc. in early 2020.

      ransomwaresmaug

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • JavaScript code in executable

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks