4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99

General
Target

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99

Size

504KB

Sample

210408-m4swb7bm4e

Score
10 /10
MD5

e3da64fd9a0a585ebe00ac7f235104d6

SHA1

52b2fc13ec0dbf8a0250c066cd3486b635a27827

SHA256

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99

SHA512

1620d261d7c176fcb9f93a8b178af55698b7faeb4baa8d3ca3531d211c58eb6ccbf36e57263095f254d3f5567b1b51865dcea48302e6ecfd9d56c6cff3ab98f8

Malware Config

Extracted

Family mespinoza
Attributes
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: Lpyotr.barclay@protonmail.com galetrendall@protonmail.com -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
Target

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99

MD5

e3da64fd9a0a585ebe00ac7f235104d6

Filesize

504KB

Score
10 /10
SHA1

52b2fc13ec0dbf8a0250c066cd3486b635a27827

SHA256

4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99

SHA512

1620d261d7c176fcb9f93a8b178af55698b7faeb4baa8d3ca3531d211c58eb6ccbf36e57263095f254d3f5567b1b51865dcea48302e6ecfd9d56c6cff3ab98f8

Tags

Signatures

  • Mespinoza Ransomware

    Description

    Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.

    Tags

    TTPs

    Query Registry Data Encrypted for Impact
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Initial Access
          Lateral Movement
            Persistence
              Privilege Escalation
                Tasks

                static1

                10/10