General

  • Target

    DoppelPaymer.RANSOM.bin

  • Size

    3.2MB

  • Sample

    210203-c3v64mp6cs

  • MD5

    8c54bbe3f191a8627bfeeb4cb02634a9

  • SHA1

    2fc2ecbed153344557386e80a2fbd097bf795559

  • SHA256

    f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555

  • SHA512

    752d4bb22765373f7ee185acc42b73d5f2b75ae46ed995bf2f59486038a512eca30c5ecf040541cc2833df005ee17db00a0ec5ae802b677ff468f256ea53ecd2

Malware Config

Extracted

Ten ransom notes were extracted, each dropped beside an encrypted file as <original file name>.readme2unlock.txt. The note text, the contact e-mail and the .onion URL are identical in all ten; only the trailing DATA blob differs per file. The text is reproduced verbatim, including the actor's spelling; the per-file DATA blobs follow it.

Ransom Note

Your network has been penetrated.

All files on each host in the network have been encrypted with a strong algorythm.

Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.

We exclusively have decryption software for your situation
No decryption software is available in the public.

DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
DO NOT use any recovery software with restoring files overwriting encrypted.
This may lead to the impossibility of recovery of the certain files.

To get info (decrypt your files) contact us at your personal page:

1. Download and install Tor Browser: https://www.torproject.org/download/
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: http://q7wp5u55lhtuafjtsl6lkt24z4wvon2jexfzhzqqfrt3bqnpqboyqoid.onion/order/b65dd758-e6bf-11e9-9468-00163eea179c
4. Follow the instructions on the site
5. You should get in contact in 48 HOURS since your systems been infected.
6. The link above is valid for 7 days. After that period if you not get in contact your local data would be lost completely.
7. Questions? e-mail: btpsupport@protonmail.com
If email not working - new one you can find on a tor page.

The faster you get in contact - the lower price you can expect.

DATA
(per-file blob, see below)

Paths and per-file DATA blobs

Path
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt.readme2unlock.txt
DATA
CAAAAAg00SpH7JgvAQIAABBmAAAApAAA7+zsrapb7m1ds+EH1zTLtBdzV/+SGnH/d/ms9JIvU31mD5NCRyQXtkxh9dvNFBonEuZ3NQrerYJzclNaXlI3L+R5YV10+uqbi+grdYaUgat2t2YZYOtvBUKBFi+j0ytypRML3ZfgeWwFsonI55skDMVFQubAyvxwOfvtv7Sv/acj7VZAPEqclpBRoImWfJHutQ30HP/I5Wipp7L7Oyul6huKRrVoUO1jqWQJakrkiT6Kqg+Ts/5M+u3YGlnkh5v0tlG0AgfY7SlPpY5FucwxpfT8NgP80H8zzfYEPnWc/xjT9xmu8SVanz7LBEB28y8z7jpeqwF1pgcc+jPGTRbipA==

Path
C:\vcredist2010_x64.log.html.readme2unlock.txt
DATA
DgAAAKRQzQpd/4X+Gbnsba2kAQIAABBmAAAApAAAySGkOnx7eeSJx+BkSc4xrgKbXk4zzIMr5VFsXB02e77zxHvcKBPTin2mJ6rWIYruymih58ft8ahGbMIq2Yl1x/YCYpKU9ZbAdL2BB4qAqQ+HoMmwpPDrxbOmi6KLsyxx7IXfseZIxM+hZ1SnODGnzWyyimXSGX9PgbiaKdcF/6fhZSZfHMOMkJNf+uiRusGDE19QpJyotNAcPxRNDnVCWDUelgZIYWHkr9c5tnCdZc3q2go5CqxpPX4fKtWS+GEzd7gNNlOVqdn6pgrnBTmBsV3VZYJDhyIhXgBtm5tfQTZfM/LVIRUlVGlc7ROp80T8+TleI5EMUscI5mvDrrFEpQ==

Path
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log.readme2unlock.txt
DATA
AgAAADinAQIAABBmAAAApAAANrby/ZVD8o7iEe2cvn80L57z6pA8c2A8Lb73lnwkKrmvAnnbJxYgxd9Rd2TtXQVbO8P78zFvq+14Mnk/B0VPGmaat4bI6FruESkpkqZN8W7Ajqe2U0u147DCdO7yzq8aZvtRB7ITwlMA69773ME+cCM4zZAB7I7gfVVhuZ4mGIAMcxo1LG/lceE4/FL1+BEawcUQufCi1C5PD9cDwRLBWFgAvQKGg/pRFLVU/8xWfXobMDjvYtS8POCpEop1VGZibYgN2Dt59mvNccIu+zVQ8XsyPb866yqXCeHNrhaDhHocKh+BIoBxGzTbJSYA/rP1Mh4K9EJJaJFRwlEGSsiFLQ==

Path
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.readme2unlock.txt
DATA
BAAAAM6/tXABAgAAEGYAAACkAAByyeLZjkZQ0xCr6QqkJTNwMDUmMCgurpqZpDviTi/OE5RXmHBV23m2zsNYZbQDx83UqMe9fg4dxVDUtgfUr821cJqXPmXKjJcL0poyKQUT3iBho3L3dybsVg95eFKxonYCYJXdRm+DY9GpTd8nHOmDj5eT6EoZcOzw8MSupt56tUp3dUJiqRFWUf0+10nqhA8hA+Uz23BHjLkFYnT12flZZ2wMIIz0nZskZJTQKcNYPwQEuKcwZwA02N9xmQ93I75+EVVqapRvwn7UpVlKev6ejSDsws/SipqXXOS+9ZZZMZUhF4uCaw9MmJVJiGdxlm9qPsc8Do85j78V1cALFrdg

Path
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log.readme2unlock.txt
DATA
BAAAALDeX3sBAgAAEGYAAACkAAC7qdIapI3AF/U55VAVutUYsGUG9WjOQryizi/fjbL2v6tT8HgipoCjt24RMmdvr6j6coJM0ZOhZCYRu4Hi+nA/rRUTBtFLO8YX161MqnZj6L0X/szM8QwVDF5vZgByK3Nt1vjFUK8y/igLjE+SRt3lG6jLdJgrApbs1EL80kq8L4R+I3Fv+KS8FC2o4ltjyk7+MbFF3Y9Q02DelG25RGfA8AtEB9s/A7/ICRKZ5vQZoJsN3wRdgTkKrHenANGg6EHqZAI9Y4XlQvd6Ae4ADpiqAf8+6sSBzFEBBrXqnv9qZ5cqagFEkrozWo41rI+n2DTSAAdDvIUClOzmobb+H6tK

Path
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log.readme2unlock.txt
DATA
BAAAAIASPKABAgAAEGYAAACkAAAdBjwirUEQnK1ZM3DEJZTFoylVC+NsbKCd6OZyN1QZUeUet6jxGpNGwUBXttKDqQNp9vdlzHmfwqcL9HRB54+DgN80nC12jFa//EVUV+Mdq/OTpA4GXU18/NGKD37gD0s7s/4tzpajObyh8eabXr1pfg7PU6EKXmAHi0xmQzIoNzRBOsh0M0wIdn2kYPgP/KmQwaUXSbybq79r1XejEzIHC6PSBdhTj6rOT1bgDypo/n3XCUDp3r24ZcVxWwkQHMyh/jRvzUZ+UPFcDGWjYKZkvLPHUNiw8CDQrpIaRWZbIUOHsWm1KnjzUWn1o0gsQN+1FTNwiKfoDPFTwXIWOEtI

Path
C:\vcredist2019_x64_001_vcRuntimeMinimum_x64.log.readme2unlock.txt
DATA
BAAAAACM8REBAgAAEGYAAACkAADNV2Ktbp9qw0IP0NhDiGim5Vo21W/6uVV78FxMcmRxDfiM2G14LEeEjSuQXkAGpcbmw+fSoyibheZWE8hIVhVTophrD5l9vmjM+K/OkV3E+ryQaPKNu8vNgSkiNlzVKf3QsU6qXkY7BFcx4XOP+kbZTnirYRJsjW3BYmG6eCWCMhaY6Hf0alA+S0rXX394z02IGmijBFCzVNe8CKbnFbTTh3SihrQ0ybSsHhbKeIHJfQ9U2qRCAqAO4nMojhKww0NaYkprZLdO67NxcrQ+CVeik+e+DUHy4xg6g5pRdgNokBDTbWjXDMi/yjVnVpVUgz10wLDu9vEUjkjr1HqSrhOF

Path
C:\vcredist2019_x64_002_vcRuntimeAdditional_x64.log.readme2unlock.txt
DATA
BgAAAPQgeKnFAAECAAAQZgAAAKQAAFqfFkeklsXuoo3fSFNGaaNCxWoXwigo+MV1QveBVCZthEH0g7dUAwWojZuSSLYNgXtcjbN33pgR6SNfpFADU8ihXSXkrQBY/jlftnF00QBL3PeXk81DDGStcGlHKimOHPA9sBP0UOj6WBwQiyakdkL1kfe8M7dA+P93llhvubeUd80FdIM9UfISOExCrrpJ6UDVDZBDnLjIjZT2GneTlj2+jtQwRMTTzjfDgeHWH0pTvr4JR7XQ+4vc3rLbzKUSBzLIjoieCanUEfNYpSox1Rx/SONjEod0yVC7HdZRxQmvkMYCLmVqfIBQ0sq1+9+3EJ9Z+0OolwoYmThDErGpTnQ=

Path
C:\Documents and Settings\Admin\deployment.properties.readme2unlock.txt
DATA
AgAAACfGAQIAABBmAAAApAAAiOzVMw31sa/PmRuidiRcniytisT976zOpEpva3DK3ZD7mGh8+EX6+YZMCrpM5PqfuBJyyZ3Crt4kUz4Vf9kDhmc9KYaGD8fgJTfDyHJVYZvz7FvfRNoCitJyNeEhbucK9IWLtxvV6Ddq2n4tM1rU6HEbm/WwPVLtmK6EbnLgIWJiSd13QNR/XjDe0HXpRlwUwkv2svndiyYQXHVqQ05xO7w3K8QDyS8e+1ysnDG625AypLznbAB6LfVnavDzeDt/KMtewNiAEL8YJtlBNpSZ0OAAgWzDzVI83kPLscKhQJZSltY22wXICSIM5Opod2eBr5lFqlnQ7GNZQH0RV/mIPg==

Path
C:\Documents and Settings\Admin\AppData\Local\IconCache.db.readme2unlock.txt
DATA
AgAAAMn4AQIAABBmAAAApAAAlGh3JN+1XZSn1lFeVdVpPGe62GrXG55qS4r9H3Wbt9DQ+v3BxK3K5oUn+aHLu6KS87mkUyovtZD9+XjG21w+dwaY7BZccY7/8qdUbdmzswSLUK2lw6TdeZaJJMx6P7UygYypqNB4jjwV/bY5OcUkBvFW8V+yGdOpJGni44vOaAGnzZw/NSx0TzzkOgi7xiEkFFnladz/FbrlzWItMw00I16IFvv59euoVcWPLWMpoLmfk20Uz2hcgtfMSelOOBPOZcnDE0+jj/lOhOyKu0MguVQDzFyySbchfbl1sUrSxrf5FrYBh4D8jBnQ3hLt6IwijKanGx/6dqRNUzzyDpWLlA==

Emails

btpsupport@protonmail.com

URLs

http://q7wp5u55lhtuafjtsl6lkt24z4wvon2jexfzhzqqfrt3bqnpqboyqoid.onion/order/b65dd758-e6bf-11e9-9468-00163eea179c
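The DATA blob that closes each note is the one part of the note that changes per file, and decoding it shows why the note insists on not deleting the readme: it carries the file's wrapped encryption key. The parser below is an added example, not code from the sandbox report or from the malware. The two blobs it embeds are copied verbatim from the report (the vcredist2010 MSI-log note and the vcredist2012 vcRuntimeMinimum note); the field layout is what the bytes themselves show, namely a 4-byte little-endian length, that many bytes of an opaque prefix (its meaning is not established here and is left undecoded), then a Microsoft CryptoAPI SIMPLEBLOB whose header fields and constants (SIMPLEBLOB, CUR_BLOB_VERSION, CALG_AES_256, CALG_RSA_KEYX) come from the public wincrypt.h definitions. Function and variable names are this example's own.

```python
"""Decode the DATA blob appended to a DoppelPaymer ransom note.

Added example (not from the report). Layout as observed in the report's blobs:
  uint32 LE prefix_len | prefix_len bytes (opaque) |
  BLOBHEADER {bType, bVersion, reserved, aiKeyAlg} | ALG_ID key-exchange alg |
  RSA-encrypted session key (modulus-sized, stored little-endian by CryptoAPI)
"""
import base64
import struct

# wincrypt.h constants
SIMPLEBLOB = 0x01
CUR_BLOB_VERSION = 0x02
ALG_NAMES = {
    0x660E: "CALG_AES_128",
    0x660F: "CALG_AES_192",
    0x6610: "CALG_AES_256",
    0xA400: "CALG_RSA_KEYX",
}

# Blobs copied from the report; inner whitespace is the note's own line wrapping.
NOTE_DATA_VCREDIST2010 = (
    "CAAAAAg00SpH7JgvAQIAABBmAAAApAAA7+zsrapb7m1ds+EH1zTLtBdzV/+SGnH/d/ms9JIvU31m "
    "D5NCRyQXtkxh9dvNFBonEuZ3NQrerYJzclNaXlI3L+R5YV10+uqbi+grdYaUgat2t2YZYOtvBUKB "
    "Fi+j0ytypRML3ZfgeWwFsonI55skDMVFQubAyvxwOfvtv7Sv/acj7VZAPEqclpBRoImWfJHutQ30 "
    "HP/I5Wipp7L7Oyul6huKRrVoUO1jqWQJakrkiT6Kqg+Ts/5M+u3YGlnkh5v0tlG0AgfY7SlPpY5F "
    "ucwxpfT8NgP80H8zzfYEPnWc/xjT9xmu8SVanz7LBEB28y8z7jpeqwF1pgcc+jPGTRbipA=="
)
NOTE_DATA_VCREDIST2012 = (
    "AgAAADinAQIAABBmAAAApAAANrby/ZVD8o7iEe2cvn80L57z6pA8c2A8Lb73lnwkKrmvAnnbJxYg "
    "xd9Rd2TtXQVbO8P78zFvq+14Mnk/B0VPGmaat4bI6FruESkpkqZN8W7Ajqe2U0u147DCdO7yzq8a "
    "ZvtRB7ITwlMA69773ME+cCM4zZAB7I7gfVVhuZ4mGIAMcxo1LG/lceE4/FL1+BEawcUQufCi1C5P "
    "D9cDwRLBWFgAvQKGg/pRFLVU/8xWfXobMDjvYtS8POCpEop1VGZibYgN2Dt59mvNccIu+zVQ8Xsy "
    "Pb866yqXCeHNrhaDhHocKh+BIoBxGzTbJSYA/rP1Mh4K9EJJaJFRwlEGSsiFLQ=="
)


def parse_note_data(b64: str) -> dict:
    """Split a DATA blob into its fields; raise ValueError if it is not a SIMPLEBLOB."""
    raw = base64.b64decode("".join(b64.split()), validate=True)
    if len(raw) < 4:
        raise ValueError("blob shorter than its length prefix")
    (prefix_len,) = struct.unpack_from("<I", raw, 0)
    off = 4 + prefix_len
    # BLOBHEADER (8 bytes) plus the key-exchange ALG_ID (4 bytes) must fit after the prefix.
    if off + 12 > len(raw):
        raise ValueError("prefix length %d overruns the blob" % prefix_len)
    prefix = raw[4:off]
    b_type, b_version, _reserved, ai_key_alg = struct.unpack_from("<BBHI", raw, off)
    (wrap_alg,) = struct.unpack_from("<I", raw, off + 8)
    if b_type != SIMPLEBLOB or b_version != CUR_BLOB_VERSION:
        raise ValueError("not a CryptoAPI SIMPLEBLOB (bType=%#x, bVersion=%#x)"
                         % (b_type, b_version))
    # Everything after the headers is the session key encrypted to the actor's RSA
    # public key. CryptoAPI emits it modulus-sized and byte-reversed (little-endian),
    # so its length is the RSA key size and it must be reversed before any RSA maths.
    wrapped = raw[off + 12:]
    return {
        "prefix": prefix.hex(),
        "key_alg": ALG_NAMES.get(ai_key_alg, "%#x" % ai_key_alg),
        "wrap_alg": ALG_NAMES.get(wrap_alg, "%#x" % wrap_alg),
        "rsa_bits": len(wrapped) * 8,
        "wrapped_key_le": wrapped.hex(),
    }


if __name__ == "__main__":
    for name, blob in (("vcredist2010", NOTE_DATA_VCREDIST2010),
                       ("vcredist2012", NOTE_DATA_VCREDIST2012)):
        info = parse_note_data(blob)
        print("%s: %s session key wrapped with %s (RSA-%d), prefix=%s"
              % (name, info["key_alg"], info["wrap_alg"], info["rsa_bits"], info["prefix"]))
```

Both report blobs parse to an AES-256 session key wrapped with RSA key exchange under a 2048-bit key, so the note holds only ciphertext the actor's private key can open; nothing in the note lets a victim recover the per-file key. The opaque prefix is 8 bytes in the first blob and 2 in the second, which is why the parser honours the length field rather than assuming a fixed offset. A bType other than 1 or a wrapped key that is not modulus-sized would mean the layout has changed and the output should not be trusted for that sample.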

Targets

    • Target

      DoppelPaymer.RANSOM.bin

    • Size

      3.2MB

    • MD5

      8c54bbe3f191a8627bfeeb4cb02634a9

    • SHA1

      2fc2ecbed153344557386e80a2fbd097bf795559

    • SHA256

      f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555

    • SHA512

      752d4bb22765373f7ee185acc42b73d5f2b75ae46ed995bf2f59486038a512eca30c5ecf040541cc2833df005ee17db00a0ec5ae802b677ff468f256ea53ecd2

    • BitPaymer

      Signature match for the BitPaymer ransomware family. DoppelPaymer is a BitPaymer derivative that shares its code base and ransom-note format (including the trailing DATA key blob), so this hit is expected for a DoppelPaymer sample.

    • Modifies security service

    • xmrig

      Signature for XMRig, the open-source cross-platform CPU/GPU Monero miner. The report lists no mining process or pool traffic, so treat this as an unverified signature hit rather than evidence that the sample carries a miner.

    • Deletes shadow copies

      Ransomware removes Volume Shadow Copies so that files cannot be rolled back to pre-encryption versions (ATT&CK T1490, Inhibit System Recovery); the ransom note's "Shadow copies also removed" line describes the same step.

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Sets service image path in registry

    • Loads dropped DLL

    • Modifies file permissions

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Interacts with connected storage and optical drives, typically to enumerate the volumes to encrypt. Likely ransomware behaviour.
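The "Deletes shadow copies" signature above is what the report maps to T1490, but the report does not show which command the sample used to do it. The detection below is an added example, not code from the report or the malware: it runs the generic T1490 command-line patterns (vssadmin, wmic, wbadmin, bcdedit, and Win32_ShadowCopy via WMI) over process-creation events. The events, process IDs and image paths are constructed for the example, not captured from the sandbox run, and the patterns are the standard ones rather than this sample's observed behaviour; one event is a benign `vssadmin List Shadows` to show the rules do not fire on read-only administration.

```python
"""Flag process-creation events that inhibit system recovery (ATT&CK T1490).

Added example, not part of the sandbox report. Patterns are the generic T1490
command lines; sample events below are constructed, not from the report.
"""
import re
from dataclasses import dataclass


@dataclass
class Hit:
    pid: int
    image: str
    command_line: str
    reason: str
    technique: str = "T1490"


# (case-insensitive regex over the command line, why it matters)
T1490_PATTERNS = [
    (r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b",
     "vssadmin deletes shadow copies"),
    (r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b.*\bmaxsize=",
     "vssadmin shrinks shadow storage, evicting existing copies"),
    (r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
     "wmic deletes shadow copies"),
    (r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b",
     "wbadmin deletes the backup catalog or system state backups"),
    (r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b",
     "bcdedit disables Windows recovery"),
    (r"\bwin32_shadowcopy\b",
     "Win32_ShadowCopy accessed through WMI (e.g. PowerShell .Delete())"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), why) for p, why in T1490_PATTERNS]


def detect_t1490(events):
    """events: iterable of dicts with pid, image, command_line (Sysmon event 1 style)."""
    hits = []
    for ev in events:
        for rx, why in COMPILED:
            if rx.search(ev["command_line"]):
                hits.append(Hit(ev["pid"], ev["image"], ev["command_line"], why))
                break  # one verdict per event; the first matching rule explains it
    return hits


# Constructed sample events; pids and paths are illustrative only.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"pid": 4136, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": "wmic.exe shadowcopy delete"},
    {"pid": 4150, "image": r"C:\Windows\System32\bcdedit.exe",
     "command_line": "bcdedit.exe /set {default} recoveryenabled No"},
    {"pid": 4162, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -c Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"},
    # Benign: an administrator listing shadow copies must not fire.
    {"pid": 4170, "image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin.exe List Shadows"},
    {"pid": 4184, "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\deployment.properties.readme2unlock.txt"},
]


def hit_pids(events=SAMPLE_EVENTS):
    """Sorted pids of the events that matched a T1490 pattern."""
    return sorted(h.pid for h in detect_t1490(events))


if __name__ == "__main__":
    for h in detect_t1490(SAMPLE_EVENTS):
        print(f"{h.technique} pid={h.pid} {h.reason}: {h.command_line}")
```

Four of the six constructed events fire; the `List Shadows` query and the notepad launch do not. In production the same rules belong on process-creation telemetry (Sysmon event 1, Windows 4688 with command-line auditing on) and should be weighted by parent process, since `vssadmin` spawned by an unsigned binary out of a user directory is far more suspicious than the same command from a backup agent.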

MITRE ATT&CK Matrix (ATT&CK v6)

The number after each technique is the sandbox's hit count for that technique.

Persistence

  • Modify Existing Service (T1031): 1
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 3
  • File Deletion (T1107): 2
  • File Permissions Modification (T1222): 1

Discovery

  • System Information Discovery (T1082): 2

Impact

  • Inhibit System Recovery (T1490): 2

These IDs are from ATT&CK v6. Current ATT&CK folds T1031 into T1543.003 (Create or Modify System Process: Windows Service), T1060 into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1107 into T1070.004 (Indicator Removal: File Deletion); T1112, T1082 and T1490 keep their IDs, and T1222 now has the Windows sub-technique T1222.001.
