076a432d5448cb7d5f7c235a77b4535b6e90ae56abc3c13e2c3c7815bab40898

General

Target

Cyborg Builder Ransomware V 1.0.7z
Size

2.4MB
Sample

201124-jt8mhn46hx
MD5

e3adcb8c860a4e0425ef1ff7a769ba6a
SHA1

7e251fa01e11a7240856c4934714b40b9ef519ef
SHA256

076a432d5448cb7d5f7c235a77b4535b6e90ae56abc3c13e2c3c7815bab40898
SHA512

b2cc808a15d3b66b8b3ec03bb5ce51f26d4032113bda0bda4d7a18bb69218cfaa625409f318cbc1905b1dbb303b24c28ce9f58723c12222655810a87688014de

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\Cyborg_DECRYPT.txt

Ransom Note

------------------------ ALL YOUR FILES ARE ENCRYPTED BY CYBORG RANSOMWARE ------------------------ Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send one of your encrypted file and we decrypt it for free. You must follow these steps To decrypt your files : 1) Send $500 bitcoin to wallet :bnar4p9anklap09ahg7aghak6gabai8a 2) write on our e-mail :cyborg-protonmail.com Your personal ID :NP2M97NJ17L3AFR8KP0OQ2L9RJQKMRCMRN1CRC2LAN991RR0O3

Targets

- Target
  
  Cyborg Builder Ransomware V 1.0.exe
- Size
  
  2.5MB
- MD5
  
  5ad1631fe97a0345cbccf8802468fa7a
- SHA1
  
  8599c32e71d39bbd89b7fcae419fdf4619a6d2f3
- SHA256
  
  7f5efdf9e9273ed21f90bb095a34140e70d6f38d074c3f0aebfa2e919d4a82cc
- SHA512
  
  2acd63d433d33d5a98710da732cddc873655f97848fa4f9672632f956f14e594da96a0e63af39fcf948cc078eb44ea26e424af6eabb771c4acdb97e4f7150814
Score

10^/10

ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2