General
-
Target
e4287e9708a73ce6a9b7a3e7c72462b01f7cc3c595d972cf2984185ac1a3a4a8.bin
-
Size
500KB
-
Sample
201125-gybfy944n2
-
MD5
eec3730b2b99f6fb23134d79681f5122
-
SHA1
425209b891142704462baf14048d0dd59d0c7561
-
SHA256
e4287e9708a73ce6a9b7a3e7c72462b01f7cc3c595d972cf2984185ac1a3a4a8
-
SHA512
420edeba0c699d8b04bf57300883a7e48e72a008484fe05453ef1b0edc14d8e97a1a15727f8de3e93ef16bf5472b91008a44a33ce0932ad4aeca21da8a90ffa0
Malware Config
Extracted
mespinoza
-
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://wqmfzni2nvbbpk25.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
-
-
Target
e4287e9708a73ce6a9b7a3e7c72462b01f7cc3c595d972cf2984185ac1a3a4a8.bin
-
Size
500KB
-
MD5
eec3730b2b99f6fb23134d79681f5122
-
SHA1
425209b891142704462baf14048d0dd59d0c7561
-
SHA256
e4287e9708a73ce6a9b7a3e7c72462b01f7cc3c595d972cf2984185ac1a3a4a8
-
SHA512
420edeba0c699d8b04bf57300883a7e48e72a008484fe05453ef1b0edc14d8e97a1a15727f8de3e93ef16bf5472b91008a44a33ce0932ad4aeca21da8a90ffa0
Score10/10-
Mespinoza Ransomware
Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-