Overview

overview

10

Static

static

speedo.bin.exe

windows7_x64

10

speedo.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    speedo.bin.zip

  • Size

    22KB

  • Sample

    210209-43237vhgbj

  • MD5

    85b32cb70b9385088a5f159bc9adf5dc

  • SHA1

    1fff053ee5117b6c63a4d32a0766a3469579e295

  • SHA256

    65dff425f5dbf60186664a0d16508e2fe65fd4c4361a15c774ba600478d8f225

  • SHA512

    50bbf2ede2a12e1a06d00acd9c2da72dfc2b1ad843a144a634ab51eeb5263da1a153440a09eff9fc3764c76684e13375c80ca6baa2d4d6aa3fdbe1d53d7ebeb2

Score
10/10
ransomwarespyware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\info.hta

Ransom Note
🔒 ALL YOUR DATA TURNED TO USELESS BINARY CODE 🔒 Your computer is infected with a virus. Send an email [email protected] , specify in the subject your unique identifier 13W95 and you will definitly be helped to recover. NOTE: You can send 2 files as proof that we can return all your data. If the provided email doesn't work, please contact us at [email protected] Algorithms used are AES and RSA. IMPORTANT: 1. The infection was due to vulnerabilities in your software. 2. If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data. 3. Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers. 4. Please, do not try to rename encrypted files. 5. Our goal is to return your data, but if you don't contact us, we will not succeed.

Extracted

Path

C:\Users\Admin\Desktop\info.hta

Ransom Note
🔒 ALL YOUR DATA TURNED TO USELESS BINARY CODE 🔒 Your computer is infected with a virus. Send an email [email protected] , specify in the subject your unique identifier 4LP7M and you will definitly be helped to recover. NOTE: You can send 2 files as proof that we can return all your data. If the provided email doesn't work, please contact us at [email protected] Algorithms used are AES and RSA. IMPORTANT: 1. The infection was due to vulnerabilities in your software. 2. If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data. 3. Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers. 4. Please, do not try to rename encrypted files. 5. Our goal is to return your data, but if you don't contact us, we will not succeed.

Targets

    • Target

      speedo.bin

    • Size

      50KB

    • MD5

      e0870a190c5eaefdae56f9c8773e36cd

    • SHA1

      a0d2ea755f3914354b76ed895e0024fe753808bc

    • SHA256

      1b1172500c6e1e1607b0b0bce4ec74f8b65ffafcd492d8cd2886a7b7f20efaa4

    • SHA512

      c68948866b06f2336b4be9ea6ec63daa3573d9a5a8185977e772bfd297a0b7cbf050fd5cc72cb782f53a4ba1bb7d46b683b7a3fcd69e047d0e30899e021efadd

    Score
    10/10
    ransomwarespyware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks