General
Target: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
Size: 80KB
Sample: 201021-l4bghzn2b2
MD5: 8152a3d0d76f7e968597f4f834fdfa9d
SHA1: c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
SHA256: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
SHA512: eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
Static task: static1
Behavioral task: behavioral1
  Sample: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
  Resource: win10
Malware Config
Extracted from: C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt
  hakbit
  potentialenergy@mail.ru
Targets
Target: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
Size: 80KB
MD5: 8152a3d0d76f7e968597f4f834fdfa9d
SHA1: c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
SHA256: 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
SHA512: eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Deletes itself
Drops startup file
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
MITRE ATT&CK Matrix
Collection: Data from Local System (1)
Command and Control
Credential Access: Credentials in Files (1)
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation