General
-
Target
190a621ed9d5471e03fbc7144f04b3ed0d94b5be2ab0c4bc1df345120986d19a
-
Size
66KB
-
Sample
210218-ndr6prtyxe
-
MD5
c9a3f59644226858255588cd5d3c6d56
-
SHA1
be1e18396b118b13cc2128ab7efbe11833dc4d53
-
SHA256
190a621ed9d5471e03fbc7144f04b3ed0d94b5be2ab0c4bc1df345120986d19a
-
SHA512
ba450f886ee9f24eed23298b8749dfa64ee4a48d70c89dcbaa3d10b6d3a9cd7bfdff377aae5f1a13ff9383e137be61eae6814c856df4325d108a2339a4683699
Score
10/10
Malware Config
Extracted
Path
C:\$Recycle.Bin\HOW_TO_RECOVERY_FILES.txt
Family
balaclava
Ransom Note
Hello!
If you see this message - this means your files are now encrypted and are in a non-working state!
Now only we can help you recover.
If you are ready to restore the work - send us an email to the address
[email protected]
In the letter, specify your personal identifier, which you will see below.
In the reply letter we will inform you the cost of decrypting your files.
Before payment you can send us 1 files for test decryption.
We will decrypt the files you requested and send you back.
This ensures that we own the key to recover your data.
The total file size should be no more than 2 MB,
the files should not contain valuable information (databases, backups, large Excel spreadsheets ...).
Email to contact us - [email protected]
YOUR PERSONAL ID :
C31DF307F8AE151EB715CCCA4D9FEEC27BF436D9C53DA6FF62501865FD3D9885
5E65D8BFE887F98525DEC66EA11A12B3CACB4C7A217E3C2ABEB539423FE5629F
EDAF0F857DB4E7C53CA1CEE4EBB071A175E925F9572002419E98F5A52316407E
7AACDD1C81BED8961F48021C3FC0C807AA2859C9DE7AD605943FE9157BFD215F
1CE768EF7990A964DA9FBC4A39C04D27576BA2E58129137596AE82C767A05E2D
33EE66EEF35C1D672E6E012A27854F05FBDC3BFDA83EF2E7DA6D2F636266446C
76D0EAD57B177391CFAD8E0A5AA40B74A9F9CEAB05C7415C9443871D45ACAA61
7E5E0C2649F889C7F510F0063655B1FA9BA72B224DA855CFD6C782198A0DB498
8CC1EFC56D64F9D7F5F585C56AC1E999B592F9CEA4680C44F18B6842DFBEF993
561D2A56C41353B83F06C46CE16CC299BB1393264FB99D6856F46231A4F727C0
434C382831FC94588083633645C0BE419631BF30609BA98A56A14C71B69593E3
2F8482B7F66E21A90DE8917CBE60F38E7FA5A80C3F06BDAECE14A46895E8E937
7B7466EEEF392FA53EB3EAEC35E92258D920A6440BE0B0A1A81F0D696B450E9B
F4F8384FFD1D9EDC7CE76E5842BCD89506B09B8FC169C2614E51127B40D6BD62
1578500957F522BA25E0BFE2106A1AD43D8301D34F0B60982784D14504190615
2E84DDBF5BE123445557128EF9993CE19E6A8CC752DA42508FA9AE21C7A785C2
C16478A0175BCB7E2481ACB767CF6FB8529ED52579E5AF5EB58372239620C57D
BC19482021B1F6E33568245C41CF6DE6E5DA2F58BDBEBA134E3431E2F221AB5C
51F68E0487E6441B144336AB3FD58CA8E443E2D1B451F248C59A78CB8689C57F
01F19A177A2D566C094E25871B8C7CD49A6F6674AD1B9CFFDDC116C9D0CC75E1
2F7FF0A8ADAEE847B7204D0E1516FA2FF771982653BBF469C812D7392E75AEC8
EF0C5C44B3CDA95B67AA33F5CE93A775138766816388A6625027DC9718D63C24
4DCF2F0737969B3AD68856A82EF006BADC4B0D22943F62846E2A9F24310B313C
E6E7609EAD5B09129763B4CAD6BCA416B26B6D65DF178069F616122CFEB300A8
30D5118EAB6681724D366AB5F601C08546C123D11409868E06F652C26E592942
9230C3D0E2E2A00109
Emails
Extracted
Path
C:\$Recycle.Bin\HOW_TO_RECOVERY_FILES.txt
Family
balaclava
Ransom Note
Hello!
If you see this message - this means your files are now encrypted and are in a non-working state!
Now only we can help you recover.
If you are ready to restore the work - send us an email to the address
[email protected]
In the letter, specify your personal identifier, which you will see below.
In the reply letter we will inform you the cost of decrypting your files.
Before payment you can send us 1 files for test decryption.
We will decrypt the files you requested and send you back.
This ensures that we own the key to recover your data.
The total file size should be no more than 2 MB,
the files should not contain valuable information (databases, backups, large Excel spreadsheets ...).
Email to contact us - [email protected]
YOUR PERSONAL ID :
2B97C0EC94560515F4286634C03FC6FDBA454A8804B615D46C85EDFA4708E124
8F2779E021590BEB23E17290C1F7F6AFEFBE625C33D6F74222A8A8C3C37FED16
B6FA0E0F1642C2EC471CE1410C03808B33E5494D8AB504E737826F2F7A47B18D
8E6B81FD5294302500DE5FEE21B6F4CDD65354B6979047F81254A47DE50194A3
D7997CBD5D932C29EA2BC1FEB46FC4C804F3FC5A77021319967B7D137BE996A1
110A9A43562EF7BFDFD2407E4100E68D01372A59ED9ECF9FF94E6009D817894C
F6C09A0E40C6878664C7BC4801DD6DE76EB89FA90CD91CCEE7B7525F8E092FB4
47873D10545DC91D20FDB961AF9A109738CF69A7686A37852A28427F641543ED
DE83AA7A0C0B9CBA5E4AE54F2212926EFD93E688146B2B11B6BD5E11F70BB144
93A6895D57C10590B0BF1D6A3B1DEDB797CB7F49CCB63E8F0C3C9C77CD643723
A5F21F0CD3E8685E0A26B89741686DB813B278B08D82391035C6A0BBB77613FC
D641200EF5E39CF0EF5CA9EAA563D563B219A03DA6FF4579AEA3DEDB073329DE
DE446C6C4D213E5BA0F74906E151D743639B764E1F49E3D0A7A20EE722FC27C2
EE5E7DC8F3A5171469395272F7A1735DEB5ED9C772E30F282ACD7F1B8BD1D34F
D5C065E0D9C6B470217F43D988946738F3087D4910A74C2AC03A7295620A00EA
19946CC743EB5DCE5CC0009B00B486F862F0687BBC19AB145E933F7C3E8D826A
CEB81FF1F9AB10AFEFA7393376B6618E9D46E2B7D6A54E7DBDDB788F8D4448DE
A80522BC10324364DC9730D322C551E2A94516AB225E2AF626938CFD8400914D
CAB0166C8A75A95B185233F26E9F15E3A7B456EEEB9BF263B057D4BD255CEEE2
C841D5EDB472A160988ED333234B33F08E763553851F5CF0DDDA25F1EBC6DF54
C617FC5D97ED2710EC038C32DA0E8CC06F4626955254790F00C3ED75D5AE22C4
026A439955467F4DD83B610AF0845FA6989C47340FEF53CA39055C8E6D588460
9FBB6A0C59BBA30562324CEBE1103A553F470C97961C02DA202057DD49B25E1E
CF176701C9488828D156F0170A7DE6DE6031ED1E0C5E4759B9A83396AD579EB1
E2962EC09C0A267B7EF6C9F86A6A0B5B0542B9F1B67B3C7891BA1C177DF77F73
0FFF2A52EAB5C101BD
Emails
Targets
-
-
Target
190a621ed9d5471e03fbc7144f04b3ed0d94b5be2ab0c4bc1df345120986d19a
-
Size
66KB
-
MD5
c9a3f59644226858255588cd5d3c6d56
-
SHA1
be1e18396b118b13cc2128ab7efbe11833dc4d53
-
SHA256
190a621ed9d5471e03fbc7144f04b3ed0d94b5be2ab0c4bc1df345120986d19a
-
SHA512
ba450f886ee9f24eed23298b8749dfa64ee4a48d70c89dcbaa3d10b6d3a9cd7bfdff377aae5f1a13ff9383e137be61eae6814c856df4325d108a2339a4683699
Score10/10-
Balaclava Malware
Balaclava malware is a ransomware program.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-