5cde9226d6c85859acb22a31c175196775f60927706807ccea4146767b36f856

General

Target

6.exe_.zip
Size

10KB
Sample

201030-ch8c2ebwn6
MD5

75ca8bddb01a84aa3c578c2266a0e294
SHA1

4544fc1376677816a03fda6504ba07cda93624ef
SHA256

5cde9226d6c85859acb22a31c175196775f60927706807ccea4146767b36f856
SHA512

2b3ce00086b77288ecafdc2d407552a155185293cac6254a7a0eb2c41db81492c3919b6b05e84e733609147fbc73423cd3b7404430760bca2e30c0e734fbd98e

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\HELP_DECRYPT_YOUR_FILES.txt

Ransom Note

Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $200 worth of bitcoin to wallet: 3GDa7CcSjsW7Q29b16NiZ6DKxWauhJmKKq after payment,we will send you Decryptor software contact email: [email protected] Your personal ID: d09TwldPIleGCR2Y1zdbtIoE64jLQTrKMQfIhztxUqd4j3PCaIGCeNqrxj1ZBQa/MZd+ProqyE6NQmq7tOfrl4EtnfZn+5catCOgp8Rnohnq97ELsWjoUTXPdLejXeSbPOBXp804zv6pJuLtvO1LAfJ0qm1lMFCur0R9JSttCbA=

Emails

[email protected]

Wallets

3GDa7CcSjsW7Q29b16NiZ6DKxWauhJmKKq

Extracted

Path

C:\Users\Admin\Pictures\Camera Roll\HELP_DECRYPT_YOUR_FILES.txt

Ransom Note

Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $200 worth of bitcoin to wallet: 3GDa7CcSjsW7Q29b16NiZ6DKxWauhJmKKq after payment,we will send you Decryptor software contact email: [email protected] Your personal ID: MqawDKND1v+qQAUAM4WxE1CJILBXVt3GuBkCWV1tZxpInX4dxOZzY2Rp2wBmz7gfgv/FF5OX34S0zF/PL5OfgrXrNlqRpIQbmpD+8VgKY3/M5/LaqdICD0xr7W7ZCq3PNweIRzV2YppQEKbUxww9EuESQjV97v/0l1gySCm7YBk=

Emails

[email protected]

Wallets

3GDa7CcSjsW7Q29b16NiZ6DKxWauhJmKKq

Targets

- Target
  
  6.exe_
- Size
  
  26KB
- MD5
  
  0f0d5631cc8749e8a8a2f61ca909dcfc
- SHA1
  
  ee79e938a80d1d0a955899f56d5f8f37bee38de0
- SHA256
  
  e404f26379df9df89844dbd55120dccf383c3b793e0f08d84ee40f82d0cc334a
- SHA512
  
  5b1560a5029155519af379cf9d0cce82a0d96fe7fb6af3888310a83fd45ac32ee9dd110f43721cd2313cb33fee9739bf86470b3083c5c4b75a74837a19bc0b0c
Score

10^/10

evasion persistence ransomware trojan
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Modifies service
  persistence
behavioral1 behavioral2