General

  • Target

    319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5

  • Size

    12KB

  • Sample

    201203-2rjjtlt6be

  • MD5

    0a5e38ff165e9e78e58fd5b47b19b86a

  • SHA1

    d0cccb38776b7390bf8b0fc5ebe14a75b1dfa3ef

  • SHA256

    319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5

  • SHA512

    330c946e02bab30f4f33a6b246c0ad3d83438dddd1572d499aca2af5a1789714b81ba08729c2917ad8b6090ccb2b476d3a88f6bfd537ebd5a2f0e8ff9048ab67

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-293278959-2699126792-324916226-1000\HOW TO DECRYPT FILES.txt

Ransom Note
Attention! All your files are encrypted! To restore your files and access them, please send an SMS with the text [email protected] You have 70 attempts to enter the code. When that number has been exceeded, all the data irreversibly is destroyed. Be careful when you enter the code! Price of private key and decrypt software is $50. Discount 50% available if you contact us first 72 hours, that's price for you is $25. BTC Wallet: 37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8 Bitcoin ee Transfer korte na parle Bkash ee Trasnfer korte parbn tk2500[3days] Contact me here: [email protected]
Wallets

37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8

Targets

    • Target

      319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5

    • Size

      12KB

    • MD5

      0a5e38ff165e9e78e58fd5b47b19b86a

    • SHA1

      d0cccb38776b7390bf8b0fc5ebe14a75b1dfa3ef

    • SHA256

      319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5

    • SHA512

      330c946e02bab30f4f33a6b246c0ad3d83438dddd1572d499aca2af5a1789714b81ba08729c2917ad8b6090ccb2b476d3a88f6bfd537ebd5a2f0e8ff9048ab67

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count  ID
  Persistence        Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion    Modify Registry                      1      T1112
  Credential Access  Credentials in Files                 1      T1081
  Collection         Data from Local System               1      T1005

Tasks