Resubmissions

06-04-2021 16:38

210406-pa5tpj4bra 8

05-04-2021 09:13

210405-ald3l915jn 10

General

  • Target

    updated.exe

  • Size

    5.1MB

  • Sample

    210405-ald3l915jn

  • MD5

    e3749a1c5284b28ad7ded54ed747b6e0

  • SHA1

    c516f5af4ab59ec6750ac86d11f06ee1dd47a1dd

  • SHA256

    430039aeee4362784600b6b6994b72395c2666aa6d1ad30e6cbf1ed89ecbeaa9

  • SHA512

    acd1911e755d715b7c96ea278a6f4ea039884a85ac230913b1bd85b3f1ab6e322d9cbe9e9869a4c9eeeb5460ebeca9591b5e64d48789ded45d8bc0168ec22bb4

Malware Config

Extracted

Path

C:\READ-ME-NOW.txt

Family

jormungand

Ransom Note

Attention! infortrend!!!!!!!
---------------------------------
What happened?
We are Jormungand ransomware
Your project source code and customer information. Important information has been downloaded. If you do not redeem it as soon as possible, it will be exposed and you will be responsible for the consequences.
---------------------------------
How to get my files back?
---------------------------------
The only way to recover the file is to contact us to buy the private key. Please contact us with your Unique Identifiler Key
---------------------------------
What about guarantees?
---------------------------------
We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer !
---------------------------------
Our email address: DYAQrvHmy@protonmail.com
-----------------
Your Unique Identifiler Key: F+uF3xzMWQ+x5N6VatsrzEXEwkD3azstMMoi1LkueA2kDHmIwyDYufNzBzuR0bZznbZJ9zmP61AjwgSaa4CrDm/VOttbpSU4vUcNPpP+FQT4Uarabq1TdlJ+AmI8jFNhelKn3tufUx0dyb8jMEENI4f8glBSJiv5pfxh5dll13Q=

Emails

DYAQrvHmy@protonmail.com

Targets

    • Jormungand Ransomware

      Ransomware family first observed in March 2021.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

    Credentials in Files (T1081): 1

Collection

    Data from Local System (T1005): 1

Tasks