b24138773df4528b653442a1640a3f480a3172015c6fe1997979d5a52a85e8dd

General

Target

pewpew_p.bin.zip
Size

1.0MB
Sample

200922-vpaskbkcsa
MD5

3f8bf33a6b177c777c6d194aab965827
SHA1

cde28ce94fb3525ce78e2415e13d015f89809a9c
SHA256

b24138773df4528b653442a1640a3f480a3172015c6fe1997979d5a52a85e8dd
SHA512

3a042b18dde83b5787f817a6331d3d08af6d00d469e362ed5ae2a67713255fe72b3574dc7473fe5dce7c690c09559b10d2679b3f6f2881453ea60c01725def46

Score

10^/10

Malware Config

Extracted

Path

C:\info-decrypt.txt

Ransom Note

All your files have been encrypted ! ( All your files have been encrypted with AES256 + RSA2048 Algorithm due to a security problem with your PC ) - If you want to restore them, write us to the e-mail : [email protected] - Write this ID in the title of your message : F86B013E - If you do not receive a response within 12 hours, send a message to this email : [email protected] ( You have to pay for decryption in Bitcoins ) - The price depends on how fast you write to us. - After payment we will send you the decryption tool that will decrypt all your files. ( Free decryption as guarantee ) - Before paying you can send us up to 1 file for free decryption. - The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) ( How to obtain Bitcoins ) - The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. - https://localbitcoins.com/buy_bitcoins - Also you can find other places to buy Bitcoins and beginners guide here: - http://www.coindesk.com/information/how-can-i-buy-bitcoins/ - [ pewpew TEAM ]

Emails

[email protected]

Extracted

Path

C:\info-decrypt.txt

Ransom Note

All your files have been encrypted ! ( All your files have been encrypted with AES256 + RSA2048 Algorithm due to a security problem with your PC ) - If you want to restore them, write us to the e-mail : [email protected] - Write this ID in the title of your message : F822B9BB - If you do not receive a response within 12 hours, send a message to this email : [email protected] ( You have to pay for decryption in Bitcoins ) - The price depends on how fast you write to us. - After payment we will send you the decryption tool that will decrypt all your files. ( Free decryption as guarantee ) - Before paying you can send us up to 1 file for free decryption. - The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) ( How to obtain Bitcoins ) - The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. - https://localbitcoins.com/buy_bitcoins - Also you can find other places to buy Bitcoins and beginners guide here: - http://www.coindesk.com/information/how-can-i-buy-bitcoins/ - [ pewpew TEAM ]

Emails

[email protected]

Targets

- Target
  
  pewpew_p.bin
- Size
  
  1.0MB
- MD5
  
  202bf9be9a4e45526e482f08104717ad
- SHA1
  
  1e5bbfb9167150935c6eb25bbbebbe5c77a97aa2
- SHA256
  
  7282df1360af4c028930ffd9fbc30ea9d17f08f14b725f8020677dd9df961c55
- SHA512
  
  89db20536030f28af5997d4b93e90ead0ccd7299d6777d422159a0a41b658274743a390fed1a9f942b668f4f04afd1119e7b4a41356b10ea37393c8b5e05f5ea
Score

10^/10

ransomware spyware persistence evasion
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies Windows Firewall
  evasion
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2