Resubmissions

06-04-2021 16:38

210406-pa5tpj4bra 8

05-04-2021 09:13

210405-ald3l915jn 10

General

  • Target

    updated.exe

  • Size

    5.1MB

  • Sample

    210405-ald3l915jn

  • MD5

    e3749a1c5284b28ad7ded54ed747b6e0

  • SHA1

    c516f5af4ab59ec6750ac86d11f06ee1dd47a1dd

  • SHA256

    430039aeee4362784600b6b6994b72395c2666aa6d1ad30e6cbf1ed89ecbeaa9

  • SHA512

    acd1911e755d715b7c96ea278a6f4ea039884a85ac230913b1bd85b3f1ab6e322d9cbe9e9869a4c9eeeb5460ebeca9591b5e64d48789ded45d8bc0168ec22bb4

Malware Config

Extracted

Path

C:\READ-ME-NOW.txt

Family

jormungand

Ransom Note
Attention! infortrend!!!!!!! --------------------------------- What happened? We are Jormungand ransomware Your project source code and customer information. Important information has been downloaded. If you do not redeem it as soon as possible, it will be exposed and you will be responsible for the consequences. --------------------------------- How to get my files back? --------------------------------- The only way to recover the file is to contact us to buy the private key. Please contact us with your Unique Identifiler Key --------------------------------- What about guarantees? --------------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer ! --------------------------------- Our email address: [email protected] ----------------- Your Unique Identifiler Key: F+uF3xzMWQ+x5N6VatsrzEXEwkD3azstMMoi1LkueA2kDHmIwyDYufNzBzuR0bZznbZJ9zmP61AjwgSaa4CrDm/VOttbpSU4vUcNPpP+FQT4Uarabq1TdlJ+AmI8jFNhelKn3tufUx0dyb8jMEENI4f8glBSJiv5pfxh5dll13Q=

Targets

    • Target

      updated.exe

    • Size

      5.1MB

    • MD5

      e3749a1c5284b28ad7ded54ed747b6e0

    • SHA1

      c516f5af4ab59ec6750ac86d11f06ee1dd47a1dd

    • SHA256

      430039aeee4362784600b6b6994b72395c2666aa6d1ad30e6cbf1ed89ecbeaa9

    • SHA512

      acd1911e755d715b7c96ea278a6f4ea039884a85ac230913b1bd85b3f1ab6e322d9cbe9e9869a4c9eeeb5460ebeca9591b5e64d48789ded45d8bc0168ec22bb4

    • Jormungand Ransomware

      Ransomware family first observed in March 2021.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks