Overview

overview

10

Static

static

69c56d12ed...6b.exe

windows7_x64

10

69c56d12ed...6b.exe

windows10_x64

10

Resubmissions

11-09-2022 15:45

220911-s66x8sffap 10

21-10-2020 17:56

201021-l4bghzn2b2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b

  • Size

    80KB

  • Sample

    201021-l4bghzn2b2

  • MD5

    8152a3d0d76f7e968597f4f834fdfa9d

  • SHA1

    c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e

  • SHA256

    69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b

  • SHA512

    eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4

Score
10/10
hakbitransomwarespyware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note
To recover your data contact the email below potentialenergy@mail.ru Key Identifier: M13QXKon7C2hkmKC2rgNCHGj5mjFsrhjl+ySO6RMmlJPOxmPQlUIJq2A78fYplgtNaKD0yMxcUuZ4Xhc6NjsXaRiUda+D9j2akL4mdsBmcdpDY/oBfmrGkd/F7D2XYLWs+BrcrGuTNuJkT2MrA9ClBuFN+Qn4imadXWf83wdDThSgRupEt8+3no5Q04HrGM1psRfpqWz1LLmjSKkSojdEtcwpmMul1OTxbtGcy2kVFcnk8+J6bflIhtnwJiauBC0+N7hmGE22aR24kFhZLzlU7e07AwuMa0LBp8Rm+XqLJD/01WUAYDTjv4L+6rmFPXyQx5dl+DE6eJ0yYbH0V5ufZ11q/Ifol3niHIo2ZtDJTdMpPlyH9no4/GU2Yf90GPSozBVGh3c5W4PR3AwMjWXKfX1Zh8acH6BeVJHVbiXLznCsGZNo5PVCkEVH64d39d3HEzN3mA6WUipKiA0dbTxyIyw+gf5hBScbsidlnxhCu9GS95p6hmdR1t8Lskc3vUP1zgrq+G89FCqvipwMN1MiABUhTHyMLvkl3HfmL7EutwJX8JnJPJqnI98nFG1rNx9dIe8Xo1MaiAmq0j61XJTpOe42Ll7+Ui+LooUHbMbpBJ/BUBaaRkdHZId+52teVRQ9wHoLtis+ZqcLt9u4U2GQJHQam7O/N99JxI0quEElNc= Number of files that were processed is: 406
Emails

potentialenergy@mail.ru

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note
To recover your data contact the email below potentialenergy@mail.ru Key Identifier: BlDLIs4wzgDoTYIEMMCvweBKQMXgNYDM9ggNJQgtZzjpRuLtkCHG5p7iVoU/LG9TeH623icJzMryxecZlwnGkjZNupY5CL6nC/En+NpYtGKgHgUR5ZL83odx4bFs/rF6ZxqWxrC8X9+JZ88sm/37IAb1dp9CnSae01HuaWsmD2gt/L34ysM/0bXFqMEKkmnCZFt0V1P3LpSMszf7XvRCUi/XW403bjsTv/HtW8wu/AtnvP49tu19hOuFbw8D4yhgMuD++XNq+gSl/uuewL2kBtMeZQeULo0Lpvc1AZ7GObTXObHBuvrxnrNjx3XCt9yEiLi2qkuX7wTrP+mtfvwOplEeRjffx5/oshpgrIf/AJuMOrfeHWW/SDmX4Va/e0d+800rY58aT04X6Vz39OUMh8rgB5q4IUqT8QWWv66Rh/hpjcjCqZSUFUZDZvwe1C0zChYOeSZSnl623VekCeq+YzSgwU3SdNrchIvwW4Ob/LsJ0qIeHN3mvVlyh2RH3mPdojiL6WJHEYR8oRyhC2aSvwGGYHAlrj8Hqg7+MAvCbhrOKLJE4VA2jkggkm3g3keytAlWafs0Udr/SO945dMPIigrzbrsQDvUFNTU4G0CXnsojb4wwRA9Qim8zH8OTJ6u3Bhg/Xt5VPWytqACHOK7s/PApIBsfcjeTrjhS6RHp1Y= Number of files that were processed is: 1230
Emails

potentialenergy@mail.ru

Targets

    • Target

      69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b

    • Size

      80KB

    • MD5

      8152a3d0d76f7e968597f4f834fdfa9d

    • SHA1

      c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e

    • SHA256

      69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b

    • SHA512

      eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4

    Score
    10/10
    hakbitransomwarespyware

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

      ransomwarehakbit

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

1
T1005

Command and Control

Credential Access

Credentials in Files

1
T1081

Defense Evasion

Discovery

Remote System Discovery

1
T1018

System Information Discovery

1
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks