Photo-125-137.jpg.scr.zip

General

Target: Photo-125-137.jpg.scr.zip
Size: 13KB
Sample: 201103-yqdbwpye9x
Score: 10/10
MD5: 671ee9d73d4b0bff89c934ecf24e4703
SHA1: 86f105663a68c27bccb3889c48665c0561d0d056
SHA256: 9a29568fb06b15f7a2f3f89474c27141965b0cf824c4cfbd9e2a97585fd1de1e
SHA512: d7f16c6d8e4332de77c2c53ccc0e8f73708f8e78fb274a76d2c25b38471f13a15e9dff6c1096f34676de63b48b69e2af09367530a1f1e31039c4ef28b3db8c4d

Malware Config

Extracted

Path: C:\4281278655928\Read_Me.txt
Ransom Note:
Attention! All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
1. Download Tor browser - https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?NDSIYNDS
5. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/

URLs:
http://25xb3kc6azicbbuo.onion/?NDSIYNDS
http://helpqvrg3cc5mvb3.onion/

Extracted

Path: C:\7129197363678\Read_Me.txt
Ransom Note:
Attention! All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
1. Download Tor browser - https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?XPQSTVXY
5. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/

URLs:
http://25xb3kc6azicbbuo.onion/?XPQSTVXY
http://helpqvrg3cc5mvb3.onion/
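The two recovered notes are identical except for the query string on the first .onion URL (NDSIYNDS versus XPQSTVXY), which is the per-victim token; the hosts themselves do not change. The script below, added here as an example and not part of the sandbox's extractor or the malware, pulls the .onion URLs out of the note text, separates the fixed hosts from the per-victim token, and emits a de-duplicated indicator list. The note text is the report's own (separator lines omitted); RansomNote, parse_note, shared_infrastructure, per_victim_tokens and iocs are names invented for this example, and the only format assumption is the 16/56-character base32 length of Tor hidden-service names.

```python
"""Extract attacker contact points from the ransom notes in this report.

Added example, not the sandbox's own config extractor. Function and class
names are invented here; the note text is copied from the report above.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Tor hidden-service names are base32: 16 characters (v2) or 56 (v3).
ONION_RE = re.compile(
    r"https?://(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion(?:/[^\s\"'<>]*)?",
    re.IGNORECASE,
)

# Note body as recovered in the report (dashed separator lines left out).
NOTE_TEXT = (
    "Attention! All your files, documents, photos, databases and other important "
    "files are encrypted The only method of recovering files is to purchase an "
    "unique decryptor. Only we can give you this decryptor and only we can recover "
    "your files. The server with your decryptor is in a closed network TOR. You can "
    "get there by the following ways: 1. Download Tor browser - "
    "https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser "
    "4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?NDSIYNDS "
    "5. Follow the instructions on this page On our page you will see instructions "
    "on payment and get the opportunity to decrypt 1 file for free. Alternate "
    "communication channel here: http://helpqvrg3cc5mvb3.onion/"
)
NOTES = {
    r"C:\4281278655928\Read_Me.txt": NOTE_TEXT,
    # The report's second note differs only in the query-string token.
    r"C:\7129197363678\Read_Me.txt": NOTE_TEXT.replace("NDSIYNDS", "XPQSTVXY"),
}


@dataclass
class RansomNote:
    path: str
    urls: list = field(default_factory=list)       # .onion URLs exactly as written
    hosts: set = field(default_factory=set)        # scheme://host with query stripped
    victim_ids: set = field(default_factory=set)   # query strings (per-victim tokens)


def parse_note(path, text):
    """Collect every .onion URL in one note, splitting host from victim token."""
    note = RansomNote(path=path)
    for match in ONION_RE.finditer(text):
        url = match.group(0)
        parts = urlsplit(url)
        note.urls.append(url)
        note.hosts.add(f"{parts.scheme.lower()}://{parts.netloc.lower()}")
        if parts.query:
            note.victim_ids.add(parts.query)
    return note


def shared_infrastructure(notes):
    """Hosts present in every note: fixed attacker infrastructure."""
    host_sets = [n.hosts for n in notes]
    return set.intersection(*host_sets) if host_sets else set()


def per_victim_tokens(notes):
    """Query strings that vary between notes: victim/campaign identifiers, not hosts."""
    return {vid for n in notes for vid in n.victim_ids}


def iocs(notes):
    """Sorted, de-duplicated indicators (hosts plus note filenames) for blocking or hunting."""
    hosts = {h for n in notes for h in n.hosts}
    names = {n.path.rsplit("\\", 1)[-1] for n in notes}
    return sorted(hosts) + sorted(names)


if __name__ == "__main__":
    parsed = [parse_note(p, t) for p, t in NOTES.items()]
    print("shared hosts:", shared_infrastructure(parsed))
    print("victim tokens:", per_victim_tokens(parsed))
    print("iocs:", iocs(parsed))
```

Blocking the full URL including the token would miss every other victim of the same campaign; the host list from shared_infrastructure is what belongs in a blocklist, while the tokens are useful only for correlating notes back to a specific infection.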

Targets

Target: Photo-125-137.jpg.scr
Filesize: 13KB
Score: 10/10
MD5: 16ce76113dfce837053c655053129aee
SHA1: 13f726b49edf5975962979a00747dda1303accb1
SHA256: 59afd802f051196913f08d88343bdeeb92ba957a4b123844a521e9c4e238d1fb
SHA512: 4d284260cf3aaa0a8e460bf3da1aa18984b8c29caa9e6f81ba5246a58f26148f35b48accdff3bd458432a6398d40c74c1a3b6589c3d8eaaafc6e26d2f4d8cd75

Signatures

  • Phorphiex Worm
    Description: Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

  • Windows security bypass
    TTPs: Disabling Security Tools; Modify Registry

  • Executes dropped EXE

  • Modifies Installed Components in the registry
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Windows security modification
    TTPs: Disabling Security Tools; Modify Registry

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Drops desktop.ini file(s)

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry; Peripheral Device Discovery; System Information Discovery

  • Modifies service
    TTPs: Modify Registry; Modify Existing Service
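Several of the signatures above (mass extension changes on user files, a Run key for persistence, the same note filename written into several directories, enumeration of drives other than C:) are behaviours a triage scorer can check from a process activity trace. The script below is added here as an example and is not the sandbox's detection engine. SAMPLE_TRACE is a constructed trace in an invented "pid|operation|target[|extra]" format; the .locked suffix is a placeholder, because the report does not say which extension this sample appends; the thresholds, weights and all function names are assumptions of the example. The note filename and numeric directories mirror the paths recovered in the report.

```python
"""Score one process's activity against the behaviours flagged in the
signature list: mass extension changes, Run-key persistence, note drops
in several directories, and listing of non-C: drive roots.

Added example, not the sandbox's detection engine. Trace format, the
".locked" suffix, thresholds and weights are assumptions of this example.
"""
import re
from collections import Counter, defaultdict

# Constructed trace: "pid|operation|target[|extra]". Pid 4100 plays the
# sample; pid 2200 is a benign editor for contrast. Paths are invented.
SAMPLE_TRACE = [
    r"4100|REGSET|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinSvc|C:\4281278655928\svc.exe",
    "4100|DIRLIST|D:\\",
    "4100|DIRLIST|E:\\",
    r"4100|RENAME|C:\Users\bob\Documents\budget.xlsx|C:\Users\bob\Documents\budget.xlsx.locked",
    r"4100|RENAME|C:\Users\bob\Pictures\cat.jpg|C:\Users\bob\Pictures\cat.jpg.locked",
    r"4100|RENAME|C:\Users\bob\Desktop\notes.docx|C:\Users\bob\Desktop\notes.docx.locked",
    r"4100|RENAME|C:\Users\bob\Documents\plan.pdf|C:\Users\bob\Documents\plan.pdf.locked",
    r"4100|WRITE|C:\4281278655928\Read_Me.txt",
    r"4100|WRITE|C:\7129197363678\Read_Me.txt",
    r"2200|RENAME|C:\Users\bob\Documents\draft.docx|C:\Users\bob\Documents\draft_v2.docx",
    r"2200|WRITE|C:\Users\bob\Documents\draft_v2.docx",
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"[A-Z]:\\", re.IGNORECASE)
MIN_EXTENSION_CHANGES = 3   # renames sharing one new suffix before it counts (assumed)
MIN_NOTE_DIRS = 2           # directories one filename must be written to (assumed)
WEIGHTS = {"mass_extension_change": 4, "ransom_note_drop": 3,
           "run_key": 2, "drive_enumeration": 1}   # assumed weights
ALERT_THRESHOLD = 6


def parse_trace(lines):
    """Turn trace lines into (pid, op, target, extra) tuples."""
    events = []
    for line in lines:
        fields = line.split("|")
        extra = fields[3] if len(fields) > 3 else ""
        events.append((int(fields[0]), fields[1], fields[2], extra))
    return events


def appended_extension(src, dst):
    """Suffix tacked onto src's full name, or None if the rename is not an append."""
    if len(dst) > len(src) and dst[: len(src)].lower() == src.lower() and dst[len(src)] == ".":
        return dst[len(src):].lower()
    return None


def score_process(events, pid):
    """Return the signals one pid triggers, keyed by signal name."""
    signals = {}
    suffixes = Counter()
    dirs_by_name = defaultdict(set)
    drives = set()
    for epid, op, target, extra in events:
        if epid != pid:
            continue
        if op == "RENAME" and "\\users\\" in target.lower():   # only profile paths count as user files
            suffix = appended_extension(target, extra)
            if suffix:
                suffixes[suffix] += 1
        elif op == "REGSET" and RUN_KEY_RE.search(target):
            signals["run_key"] = target
        elif op == "WRITE":
            directory, _, name = target.rpartition("\\")
            dirs_by_name[name.lower()].add(directory)
        elif op == "DIRLIST" and DRIVE_ROOT_RE.fullmatch(target) and target[0].upper() != "C":
            drives.add(target[0].upper())
    if suffixes:
        suffix, count = suffixes.most_common(1)[0]
        if count >= MIN_EXTENSION_CHANGES:
            signals["mass_extension_change"] = (suffix, count)
    notes = {n: sorted(d) for n, d in dirs_by_name.items() if len(d) >= MIN_NOTE_DIRS}
    if notes:
        signals["ransom_note_drop"] = notes
    if drives:
        signals["drive_enumeration"] = sorted(drives)
    return signals


def verdict(signals):
    """(score, alert) for a signal dict returned by score_process."""
    score = sum(WEIGHTS[k] for k in signals)
    return score, score >= ALERT_THRESHOLD


if __name__ == "__main__":
    events = parse_trace(SAMPLE_TRACE)
    for pid in sorted({e[0] for e in events}):
        sig = score_process(events, pid)
        print(pid, verdict(sig), sig)
```

The suffix check deliberately requires the whole original name to survive as a prefix; a user renaming draft.docx to draft_v2.docx therefore does not count, while budget.xlsx becoming budget.xlsx.locked does. Note drops are keyed on the filename rather than the (randomised, numeric) directory, which is what the two Read_Me.txt paths in this report share.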

MITRE ATT&CK Matrix

Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation