General

  • Target

    931772ac59f5859e053589202c8db81edc01911391fe5b32c9abb5bbc2b06e43

  • Size

    500KB

  • Sample

    210408-dyxmbfkmtn

  • MD5

    3f558a6a53c72b726b42d21fa1faaf83

  • SHA1

    6f5f822260e4deaa859f3f17e81d9349950d9e34

  • SHA256

    931772ac59f5859e053589202c8db81edc01911391fe5b32c9abb5bbc2b06e43

  • SHA512

    932442ae873bdd196142d9fc023d8c7ca05eeb55f728aa78dd451aaae5e35c13e701a3ca17bd8d79b8f924901677668275d325e7182d40f71e9b931a7ad568cd

Malware Config

Extracted

Family

mespinoza

Attributes
  • ransomnote

    Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://wqmfzni2nvbbpk25.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.

Targets

    • Target

      931772ac59f5859e053589202c8db81edc01911391fe5b32c9abb5bbc2b06e43

    • Size

      500KB

    • MD5

      3f558a6a53c72b726b42d21fa1faaf83

    • SHA1

      6f5f822260e4deaa859f3f17e81d9349950d9e34

    • SHA256

      931772ac59f5859e053589202c8db81edc01911391fe5b32c9abb5bbc2b06e43

    • SHA512

      932442ae873bdd196142d9fc023d8c7ca05eeb55f728aa78dd451aaae5e35c13e701a3ca17bd8d79b8f924901677668275d325e7182d40f71e9b931a7ad568cd

    • Mespinoza Ransomware

      Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks