General

  • Target: paralock.zip
  • Size: 21KB
  • Sample: 210212-6mttr2hs92
  • MD5: 83f9f8867c9c16c42f33bb79f0458707
  • SHA1: f2f23cecfb4f9a560b1594dccb010eb85e491d8b
  • SHA256: 2a6e52be64513ee856e20eaeeeba58baa4b656dbbf517ca4a7e2e9f3a7180c39
  • SHA512: 8986ca5988721277988d70306853c41c4eff5abbac5e11319d09a6de572cbe53845355620bcdee65f4e469f12548269ea802797e06b11636b67fa59361d2509e

Score: 10/10

Malware Config

Extracted

  Path: C:\Users\Admin\Desktop\info.hta

  Ransom Note:
  🔒 ALL YOUR DATA TURNED TO USELESS BINARY CODE 🔒 Your computer is infected with a virus. Send an email [email protected] , specify in the subject your unique identifier VL6CGPIC and you will definitly be helped to recover. NOTE: You can send 2 files as proof that we can return all your data. If the provided email doesn't work, please contact us at [email protected] Algorithms used are AES and RSA. IMPORTANT: 1. The infection was due to vulnerabilities in your software. 2. If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data. 3. Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers. 4. Please, do not try to rename encrypted files. 5. Our goal is to return your data, but if you don't contact us, we will not succeed.

Extracted

  Path: C:\Users\Admin\Desktop\info.hta

  Ransom Note:
  🔒 ALL YOUR DATA TURNED TO USELESS BINARY CODE 🔒 Your computer is infected with a virus. Send an email [email protected] , specify in the subject your unique identifier MEPU7S61 and you will definitly be helped to recover. NOTE: You can send 2 files as proof that we can return all your data. If the provided email doesn't work, please contact us at [email protected] Algorithms used are AES and RSA. IMPORTANT: 1. The infection was due to vulnerabilities in your software. 2. If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data. 3. Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers. 4. Please, do not try to rename encrypted files. 5. Our goal is to return your data, but if you don't contact us, we will not succeed.

Targets

    • Target: ___________.exe
    • Size: 48KB
    • MD5: 221f1b97cd8e9766bebd001960b31dc4
    • SHA1: 4c3367638ffca90ae5eb5a644a9beaec1853f36c
    • SHA256: a5f47b1b2efcf8bd7e36a072941fb9ee0ce780e6f410d6c85c503ccea24d29e6
    • SHA512: 7e86b0fc428b8fc97251eb0bf2639b2c780d7a45b730b475794107312e6edd963355aca59c8eee34380800006531a8dbeae152f3542291f0c3154c0d1fbb96d6

    Score: 10/10

    • Deletes shadow copies
      Ransomware often targets backup files to inhibit system recovery.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Drops file in System32 directory
    • Enumerates physical storage devices
      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
