General

  • Target

    XINOF4.2.1.exe

  • Size

    379KB

  • Sample

    201030-q1yd4mkga6

  • MD5

    b33099e43bc639110baab265f19eaab8

  • SHA1

    17b5517634e881ab6e832476c6c9d8702941dde1

  • SHA256

    acfa59b94beebb0f9c4dd6a4c21586b9648808629624612c53d099df388eadd3

  • SHA512

    ce777ff2247a56c2b1e44eb3dd7affa423022bc81fb3058f8041fa64e63032771b9ae46499d3d0e62111968c665e104ee4e1fa3aefd858cc81df6e3037366b22

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\How To Decrypt Files.hta

Ransom Note
All of your files have been encrypted! to DELETE all of your files... to avoid any problem READ THIS HELP CARFULLY All your files have been encrypted due to a security problem with your PC. If you want to restore them, please send an email to [email protected] The crypter person username : satan your SYSTEM ID is : FA58F987 You have to pay for decryption in Bitcoin. The price depends on how fast you contact us. After payment we will send you the decryption tool. You have to 48 hours(2 Day) To contact or paying us After that, you have to Pay Double . in case of no answer in 6 hours email us at = [email protected] Attention! DO NOT pay any money before decrypting the test files. DO NOT trust any intermediary. they wont help you and you may be victim of scam. just email us , we help you in any steps. DO NOT reply to other emails. ONLY this two emails can help you. Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. If the payment is not done after decryption, report the username to support email(along with evidence such as Transfer ID) What is our decryption guarantee? Before paying you can send us up to for free decryption. The total size of files must be less than 2Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site.You have to register, click 'Buy bitcoins', and select the seller by payment method and price.https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ You only have LIMITED time to get back your files! if timer runs out and you dont pay us , all of files will be DELETED and yuor hard disk will be seriously DAMAGED. you will lose some of your data on day 2 in the timer. you can buy more time for pay. Just email us . 
THIS IS NOT A JOKE! you can wait for the timer to run out ,and watch deletion of your files :) Regards-FonixTeam

Targets

    • Target

      XINOF4.2.1.exe

    • Size

      379KB

    • MD5

      b33099e43bc639110baab265f19eaab8

    • SHA1

      17b5517634e881ab6e832476c6c9d8702941dde1

    • SHA256

      acfa59b94beebb0f9c4dd6a4c21586b9648808629624612c53d099df388eadd3

    • SHA512

      ce777ff2247a56c2b1e44eb3dd7affa423022bc81fb3058f8041fa64e63032771b9ae46499d3d0e62111968c665e104ee4e1fa3aefd858cc81df6e3037366b22

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies service
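The signatures above name behaviours without showing the telemetry that would reveal them on a real host. As an added example that is not from the report or its sandbox, this Python detection pass maps constructed Sysmon-style events (EventID 1 process creation, 13 registry value set, 11 file create) onto four of the listed signatures and tallies hits per ATT&CK v6 technique the way the matrix below does. The shadow copy command lines, the DisableTaskMgr policy path and the Run key value name are assumptions: the usual ransomware patterns, not commands or keys extracted from this sample.

```python
"""Detection pass for the listed behaviours over Sysmon-style events.
Added example: event shapes follow Sysmon EventID 1/11/13 field names; the
values below are constructed, not taken from the sandbox run."""
import re
from collections import Counter

# Common shadow-copy deletion command lines (general ransomware tradecraft;
# the report does not show which command this sample used).
SHADOW_DELETE_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*?(delete|remove)",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# Policy value that disables Task Manager (HKCU or HKLM; assumed, not from report).
TASKMGR_SUFFIX = "\\policies\\system\\disabletaskmgr"
# Note file name from the report's extracted config.
NOTE_SUFFIX = "\\how to decrypt files.hta"

# Constructed events. The Run key value name and its path are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic shadowcopy delete"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                                    r"\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                                    r"\CurrentVersion\Run\XINOF",
     "Details": r"C:\Users\Admin\AppData\Local\Temp\XINOF4.2.1.exe"},
    {"EventID": 11, "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\How To Decrypt Files.hta"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt"},  # benign control, must not alert
]


def detect(events):
    """Return (signature, ATT&CK v6 ID or None, evidence) per matching event."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            cmd = ev.get("CommandLine", "")
            if SHADOW_DELETE_RE.search(cmd):
                alerts.append(("Deletes shadow copies", "T1490", cmd))
        elif eid == 13:
            key = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            if key.lower().endswith(TASKMGR_SUFFIX) and "0x00000001" in details.lower():
                alerts.append(("Disables Task Manager via registry modification", "T1112", key))
            elif RUN_KEY_RE.search(key):
                alerts.append(("Adds Run key to start application", "T1060", f"{key} = {details}"))
        elif eid == 11:
            path = ev.get("TargetFilename", "")
            if path.lower().endswith(NOTE_SUFFIX):
                # The matrix below carries no technique for the note itself.
                alerts.append(("Drops ransom note", None, path))
    return alerts


def technique_counts(alerts):
    """Per-technique hit counts, comparable to the count column of the matrix."""
    return Counter(tid for _sig, tid, _ev in alerts if tid)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for sig, tid, evidence in found:
        print(f"[{tid or '-----'}] {sig}: {evidence}")
    print(dict(technique_counts(found)))
```

The Task Manager rule keys on the value being set to 1, so a policy reset to 0 by an administrator does not alert; the Run key rule matches any write under Run or RunOnce and will fire on legitimate installers too, which is why the value data is carried in the evidence field for an analyst to judge.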

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                            ID      Count
Execution             Scheduled Task                       T1053   1
Persistence           Registry Run Keys / Startup Folder   T1060   1
Persistence           Modify Existing Service              T1031   1
Persistence           Scheduled Task                       T1053   1
Persistence           Hidden Files and Directories         T1158   1
Privilege Escalation  Scheduled Task                       T1053   1
Defense Evasion       File Deletion                        T1107   2
Defense Evasion       File Permissions Modification        T1222   1
Defense Evasion       Modify Registry                      T1112   3
Defense Evasion       Hidden Files and Directories         T1158   1
Credential Access     Credentials in Files                 T1081   1
Discovery             Query Registry                       T1012   1
Discovery             Peripheral Device Discovery          T1120   1
Discovery             System Information Discovery         T1082   1
Collection            Data from Local System               T1005   1
Impact                Inhibit System Recovery              T1490   2

Count is the number of signatures above that map to the technique. The IDs follow ATT&CK v6; several have since been retired into sub-techniques (T1060 is now T1547.001, T1031 is T1543.003, T1158 is T1564.001, T1107 is T1070.004 and T1081 is T1552.001), so translate them before feeding this table into a current detection backlog.
