0AACF2C41BA9B872A52055FFCAEAEF15

General
Target

0AACF2C41BA9B872A52055FFCAEAEF15

Size

77KB

Sample

201029-wrhynhybq6

Score
10 /10
MD5

0aacf2c41ba9b872a52055ffcaeaef15

SHA1

c09b509699aeef71f3e205d53c5f4ff71cb48570

SHA256

31630d16f4564c7a214a206a58f60b7623cd1b3abb823d10ed50aa077ca33585

SHA512

d259de51d22d72d27d5947530317661b97ba8fcc36e7a2ad4835e98bc311ef1aa5964f939660733171934f6aefa82d8b76a6f9f04137e1aeca63d592f0fb26ec

Malware Config

Extracted

Path C:\Users\Admin\Desktop\RecoveryManual.html
Family mountlocker
Ransom Note
Your ClientId: /!\ YOUR COMPANY' NETWORK HAS BEEN HACKED /!\ All your important documents have been encrypted and transferred to our premises! ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. However there is a solution for your problem! We can support you with your data decryption for a monetary reward. Also we will destroy your private data from our premises. And we can prove our decryption capabilities by decrypting couple of your files free of charge. Here are the next steps to get your valuable data back and get it wiped out from our premises: http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321dc827ac5a37515abe00375993d6d3b * Note that you need installed Tor Browser to open this kind of links. Follow the instructions to install/run Tor Browser: 1. Go to TOR Project website https://www.torproject.org using your usual browser (Chrome, Firefox, Internet Explorer or Edge) 2. Click "Download Tor Browser" and pick right version for your Operation System (this is Windows in 99.9% of cases) 3. Download and Install Tor Browser 4. After installation finished, click on "Tor Browser" link from your Desktop 5. By using Tor Browser visit http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321dc827ac5a37515abe00375993d6d3b 6. Copy your client id from the top of this document and paste it into Authorization window if requested 7. This will start a chat with our security experts. Please note, sometimes our team is away from keyboard, but make sure they will reply you back as soon as possible. Also, we kindly request you to contact with us as soon as possible. We will start publishing your private data to the Internet if you don't get in touch with us within next few days.
URLs

http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321dc827ac5a37515abe00375993d6d3b

Extracted

Path C:\Users\Admin\Desktop\RecoveryManual.html
Family mountlocker
Ransom Note
Your ClientId: /!\ YOUR COMPANY' NETWORK HAS BEEN HACKED /!\ All your important documents have been encrypted and transferred to our premises! ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. However there is a solution for your problem! We can support you with your data decryption for a monetary reward. Also we will destroy your private data from our premises. And we can prove our decryption capabilities by decrypting couple of your files free of charge. Here are the next steps to get your valuable data back and get it wiped out from our premises: http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321c29f68dfb06303abe00375993d6d49 * Note that you need installed Tor Browser to open this kind of links. Follow the instructions to install/run Tor Browser: 1. Go to TOR Project website https://www.torproject.org using your usual browser (Chrome, Firefox, Internet Explorer or Edge) 2. Click "Download Tor Browser" and pick right version for your Operation System (this is Windows in 99.9% of cases) 3. Download and Install Tor Browser 4. After installation finished, click on "Tor Browser" link from your Desktop 5. By using Tor Browser visit http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321c29f68dfb06303abe00375993d6d49 6. Copy your client id from the top of this document and paste it into Authorization window if requested 7. This will start a chat with our security experts. Please note, sometimes our team is away from keyboard, but make sure they will reply you back as soon as possible. Also, we kindly request you to contact with us as soon as possible. We will start publishing your private data to the Internet if you don't get in touch with us within next few days.
URLs

http://qiludmxlqqotacf62iycexcohbka4ezresf5jmwdoh7iyk3tgguzaaqd.onion/?cid=d11ebd6225c2dd096733ff8dad28b64321c29f68dfb06303abe00375993d6d49

Targets
Target

0AACF2C41BA9B872A52055FFCAEAEF15

MD5

0aacf2c41ba9b872a52055ffcaeaef15

Filesize

77KB

Score
10 /10
SHA1

c09b509699aeef71f3e205d53c5f4ff71cb48570

SHA256

31630d16f4564c7a214a206a58f60b7623cd1b3abb823d10ed50aa077ca33585

SHA512

d259de51d22d72d27d5947530317661b97ba8fcc36e7a2ad4835e98bc311ef1aa5964f939660733171934f6aefa82d8b76a6f9f04137e1aeca63d592f0fb26ec

Tags

Signatures

  • MountLocker Ransomware

    Description

    Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.

    Tags

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File Deletion Inhibit System Recovery
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Modifies service

    Tags

    TTPs

    Modify Registry Modify Existing Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Discovery
      Execution
        Exfiltration
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks