General

  • Target

    02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851

  • Size

    142KB

  • Sample

    210209-z84w891v5s

  • MD5

    39ea2394a6e6c39c5d7722dc996daf05

  • SHA1

    ca010ca1e7d5104049c09eefca128cc0e50729e1

  • SHA256

    02a08b994265901a649f1bcf6772bc06df2eb51eb09906af9fd0f4a8103e9851

  • SHA512

    90df3cd613c83a3aed88183e3b67ee6affc76690b47ff819fc147191d60a03e720aeb371bc1c3d96954699c01fe1b79084cda4369f89f805ea5501e4d86a3974

Score
10/10

Malware Config

Extracted

Path

C:\MSOCache\DECRYPT_NOTE.txt

Ransom Note
Hello i-online.fr Congratulations! This PC hacked. Some data has been stored in our servers and ready for publish. Content of your files has been successfully encrypted with unique public key. To restore your files you need buy official decryptor with unique private decription key. Contact with us to get decryptor using TOR browser (https://www.torproject.org/) and your personal contact link in TOR network below. IMPORTANT: Don't modify encrypted files or you can damage them and decryption will be impossible! To contact with us you have ONE week from the encryption time, after decryption keys and your personal contact link will be deleted automaticaly. Stored information can be publish. Thanks for undestanding. Best regards. Your personal contact link: http://decrypts3nln3tic.onion/secret/18ebdc51148b7c55b451a7d070d706078293f4df2ca6d4f3a485367156f2ac43
URLs

http://decrypts3nln3tic.onion/secret/18ebdc51148b7c55b451a7d070d706078293f4df2ca6d4f3a485367156f2ac43

Targets

    Score
    10/10
    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082) — 1