32Bit.bin.zip

General

Target: 32Bit.bin.zip
Size: 9MB
Sample: 200913-jegg8khgp2
Score: 10/10
MD5: fbff96658807e1f7108856b6579566f3
SHA1: 901564760d06cefb6cd9d19b6c3df7aecb827976
SHA256: bf536ce5dda81ac7309daddf5116d8fe374656f04e65ca9d02751d0fc88c1228
SHA512: b23935545bbef08eff509aa251d335fdddb38c111db9c1e20d2b691c3fa9a6a78ca904ac40575abe8826525709b61280a94828118263b1a1fd64b075caa333e3

Malware Config

Extracted

Path: C:\Users\Admin\Desktop\!! YOUR FILES HAS BEEN ENCRYPTED !!.txt
Family: crypt32
Ransom Note:
Your files has been encrypted by ransomware! and You can't decrypt with money. Please install heroes of the storm to decrypt your files. Attention: DO NOT TURN OFF YOUR PC! IF YOU TURNED OFF YOUR PC, YOU WON'T ABLE TO DECRYPT YOUR FILES! Emergency contact: BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch Warning - Any attmpt of decryption file will delete your private key. 당신의 파일들은 랜섬웨어에 의해 암호화되었습니다. 그리고 돈을 줘도 풀 수 없습니다. 히어로즈 오브 더 스톰을 설치해서 파일들을 복호화하세요. 경고: PC를 끄지 마세요! PC를 끄면 파일을 복원할 수 없습니다! 긴급 연락 이메일: BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch 경고: 복호화를 시도하면 파일들은 절대 다시 풀 수 없습니다.
Emails: BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch

Targets

Target: 32Bit.bin
Filesize: 9MB
Score: 10/10
MD5: 62ecfb090d4512c4be0d8abb2d18a5a2
SHA1: b4584b1f9e2d72c71515d07378aa4b584612fa49
SHA256: 9f52465538d7c804116e77fab868a87c85d318ffc8970fe7e8a2c846d97a1f74
SHA512: 68af16cf93f7043ecc5a46190a02e9335795675e8836148d6f7fa04934d0f3b6652d5b3e612f6ea6059d7380ebb9229dd3f24ac9b8505454d1a6f85914230438

Signatures

  • Crypt32 Ransomware

    Description

    JavaScript fan-extortionist malware that demands victims install Heroes of the Storm instead of paying a monetary ransom. Uses the Crypto-JS library for encryption.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • JavaScript code in executable

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10