General

  • Target

    4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b.bin

  • Size

    500KB

  • Sample

    210105-re1v9glf3s

  • MD5

    83e1ca89bcd55a87f826bc6901ff7f3e

  • SHA1

    d0db4d232331234f0c430008a4320c0dea993c20

  • SHA256

    4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b

  • SHA512

    9d76d71119fa3256eb25fda06c54f1a51d547177156847ae140176868eb0d7ad41619e6bcb6dd24b523ef58cb3d5e3619172fc6868e1290fc3e956a6e136e6bc

Malware Config

Extracted

Family

mespinoza

Attributes
  • ransomnote

    Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://wqmfzni2nvbbpk25.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.

Targets

    • Target

      4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b.bin

    • Size

      500KB

    • MD5

      83e1ca89bcd55a87f826bc6901ff7f3e

    • SHA1

      d0db4d232331234f0c430008a4320c0dea993c20

    • SHA256

      4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b

    • SHA512

      9d76d71119fa3256eb25fda06c54f1a51d547177156847ae140176868eb0d7ad41619e6bcb6dd24b523ef58cb3d5e3619172fc6868e1290fc3e956a6e136e6bc

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks