57594f717e61f16279700e7f364b2856ac853b7d76f284621e3aa46d3f7faa3c

General

Target

inn.bin.zip
Size

71KB
Sample

201031-gfwj9pf69j
MD5

e4c873a35b1ad2db6ecb4734c20b1b8e
SHA1

0cfd45a935c5e40271bd65b8937d05fae603ce20
SHA256

57594f717e61f16279700e7f364b2856ac853b7d76f284621e3aa46d3f7faa3c
SHA512

49e72176277b86e98920aa6db744b2dd2f700d857b6db06982cd6ba3df503a441ce6d612626ad70ad0254a0ace5bb836fb7cb17bc3069178faa6f8f8ffc36afc

Score

10^/10

persistence ransomware

Malware Config

Extracted

Path

C:\Boot\bg-BG\read_me_lkd.txt

Ransom Note

Hello Technology and Strategy! All your fileservers, HyperV infrastructure and backups have been encrypted! Trying to decrypt or modify the files with programs other than our decryptor can lead to permanent loss of data! The only way to recover your files is by cooperating with us. To prove our seriousness, we can decrypt 1 non - critical file for free as proof. Contacts: [email protected] [email protected]

Emails

[email protected]

Targets

- Target
  
  inn.bin
- Size
  
  155KB
- MD5
  
  af568e8a6060812f040f0cb0fd6f5a7b
- SHA1
  
  e7f0c17b338d78c4f8b82b032af9f81828512b30
- SHA256
  
  3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9
- SHA512
  
  2c44272dcf130a95ea0e83fa02d2629edecf94b16452127f2e177f00f4bf48f2e306ec53b28d2005a27e8b683dc683fb54146a711233aa1e1c4256a9e4ac979b
Score

10^/10

persistence ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies extensions of user files

Modifies service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2